Tree visualization with tree-maps: 2-d space-filling approach
ACM Transactions on Graphics (TOG)
Case study: interactive visualization for internet security
Proceedings of the conference on Visualization '02
Information Visualization and Visual Data Mining
IEEE Transactions on Visualization and Computer Graphics
IPTPS '01 Revised Papers from the First International Workshop on Peer-to-Peer Systems
XmdvTool: integrating multiple methods for visualizing multivariate data
VIS '94 Proceedings of the conference on Visualization '94
The sybil attack in sensor networks: analysis & defenses
Proceedings of the 3rd international symposium on Information processing in sensor networks
Detecting and correcting malicious data in VANETs
Proceedings of the 1st ACM international workshop on Vehicular ad hoc networks
NVisionIP: netflow visualizations of system state for security situational awareness
Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
Managing attack graph complexity through visual hierarchical aggregation
Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
Distributed Detection of Node Replication Attacks in Sensor Networks
SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
On the establishment of distinct identities in overlay networks
Proceedings of the twenty-fourth annual ACM symposium on Principles of distributed computing
SeRLoc: Robust localization for wireless sensor networks
ACM Transactions on Sensor Networks (TOSN)
Elastic Hierarchies: Combining Treemaps and Node-Link Diagrams
INFOVIS '05 Proceedings of the Proceedings of the 2005 IEEE Symposium on Information Visualization
An RSSI-based Scheme for Sybil Attack Detection in Wireless Sensor Networks
WOWMOM '06 Proceedings of the 2006 International Symposium on on World of Wireless, Mobile and Multimedia Networks
Detection and localization of sybil nodes in VANETs
DIWANS '06 Proceedings of the 2006 workshop on Dependability issues in wireless ad hoc networks and sensor networks
Detecting identity-based attacks in wireless networks using signalprints
WiSe '06 Proceedings of the 5th ACM workshop on Wireless security
MatrixExplorer: a Dual-Representation System to Explore Social Networks
IEEE Transactions on Visualization and Computer Graphics
Diffusion and graph spectral methods for network forensic analysis
NSPW '06 Proceedings of the 2006 workshop on New security paradigms
IEEE Transactions on Software Engineering
Transient-based identification of wireless sensor nodes
IPSN '09 Proceedings of the 2009 International Conference on Information Processing in Sensor Networks
Interactive visualization for network and port scan detection
RAID'05 Proceedings of the 8th international conference on Recent Advances in Intrusion Detection
Time histograms for large, time-dependent data
VISSYM'04 Proceedings of the Sixth Joint Eurographics - IEEE TCVG conference on Visualization
BURN: baring unknown rogue networks
Proceedings of the 8th International Symposium on Visualization for Cyber Security
| Hi-index | 0.00 |
This paper presents a new approach to intrusion detection that supports the identification and analysis of network anomalies using an interactive coordinated multiple views (CMV) mechanism. A CMV visualization consisting of a node-link diagram, scatterplot, and time histogram is described that allows interactive analysis from different perspectives, as some network anomalies can only be identified through joint features in the provided spaces. Spectral analysis methods are integrated to provide visual cues that allow identification of malicious nodes. An adjacency-based method is developed to generate the time histogram, which allows users to select time ranges in which suspicious activity occurs. Data from Sybil attacks in simulated wireless networks is used as the test bed for the system. The results and discussions demonstrate that intrusion detection can be achieved with a few iterations of CMV exploration. Quantitative results are collected on the accuracy of our approach and comparisons are made to single domain exploration and other high-dimensional projection methods. We believe that this approach can be extended to anomaly detection in general networks, particularly to Internet networks and social networks.