PeekKernelFlows: peeking into IP flows

Authors:
Cynthia Wagner;Gérard Wagener;Radu State;Alexandre Dulaunoy;Thomas Engel
Affiliations:
University of Luxembourg, Luxembourg;University of Luxembourg - SNT, Luxembourg;University of Luxembourg, Luxembourg;SES S.A., Château de Betzdorf, Betzdorf, Luxembourg;University of Luxembourg, Luxembourg
Venue:
Proceedings of the Seventh International Symposium on Visualization for Cyber Security
Year:
2010

Citing 6
Cited 1

Honeypots: Tracking Hackers

Honeypots: Tracking Hackers
Self-Organizing Maps

Self-Organizing Maps
Aguri: An Aggregation-Based Traffic Profiler

COST 263 Proceedings of the Second International Workshop on Quality of Future Internet Services
Visual Correlation of Network Alerts

IEEE Computer Graphics and Applications
Visual Analytics for Network Flow Analysis

CATCH '09 Proceedings of the 2009 Cybersecurity Applications & Technology Conference for Homeland Security
Visual support for analyzing network traffic and intrusion detection events using TreeMap and graph representations

Proceedings of the Symposium on Computer Human Interaction for the Management of Information Technology

Machine learning approach for IP-flow record anomaly detection

NETWORKING'11 Proceedings of the 10th international IFIP TC 6 conference on Networking - Volume Part I

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper introduces a new method for getting insights into IP related data flows based on a simple visualization technique that leverages kernel functions defined over spatial and temporal aggregated IP flows. This approach was implemented in a visualization tool called PeekKernelFlows. This tool simplifies the identification of anomalous patterns over a time period. An intuitive adapting image allows network operators to detect attacks. We validated our method on a real use-case scenario, where we inspected traffic of a high-interaction honeypot.