A visualization tool for situational awareness of tactical and strategic security events on large and complex computer networks

Authors:
R. Bearavolu;K. Lakkaraju;W. Yurcik;H. Raje
Affiliations:
National Center for Supercomputing Applications, University of Illinois at Urbana-Champaign, Champaign, Illinois;National Center for Supercomputing Applications, University of Illinois at Urbana-Champaign, Champaign, Illinois;National Center for Supercomputing Applications, University of Illinois at Urbana-Champaign, Champaign, Illinois;National Center for Supercomputing Applications, University of Illinois at Urbana-Champaign, Champaign, Illinois
Venue:
MILCOM'03 Proceedings of the 2003 IEEE conference on Military communications - Volume II
Year:
2003

Citing 7
Cited 4

Characteristics of network traffic flow anomalies

IMW '01 Proceedings of the 1st ACM SIGCOMM Workshop on Internet Measurement
Case study: interactive visualization for internet security

Proceedings of the conference on Visualization '02
Network Visualization with Nam, the VINT Network Animator

Computer
NetFlow: information loss or win?

Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment
Combining Cisco NetFlow Exports with Relational Database Technology for Usage Statistics, Intrusion Detection, and Network Forensics

LISA '00 Proceedings of the 14th USENIX conference on System administration
The OSU Flow-tools Package and CISCO NetFlow Logs

LISA '00 Proceedings of the 14th USENIX conference on System administration
FlowScan: A Network Traffic Flow Reporting and Visualization Tool

LISA '00 Proceedings of the 14th USENIX conference on System administration

NVisionIP: netflow visualizations of system state for security situational awareness

Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
Visual toolkit for network security experiment specification and data analysis

Proceedings of the 3rd international workshop on Visualization for computer security
Tool update: NVisionIP improvements (difference view, sparklines, and shapes)

Proceedings of the 3rd international workshop on Visualization for computer security
Information security strategies: towards an organizational multi-strategy perspective

Journal of Intelligent Manufacturing

Quantified Score

Hi-index	0.00

Visualization

Abstract

Situational awareness of the state of military computer networks is important for both tactical battlefield operations and strategic command-and-control networks. While there have been successful efforts to visualize the state of individual network infrastructure components (routers, links) using SNMP and other network management tools, these systems do not focus on security. Although there have been multiple research proposals, to our knowledge there have only been two realized systems which attempt to visualize security events. Assessing the overall security of a large and complex network is an open problem due to the multidimensional data space. We present a tool, NVisionIP, that makes a direct contribution to solving this open problem. NVisionIP is unique from existing systems in that it simultaneously visualizes multidimensional characteristics of individual computers as well as their relationship to network-wide security events in an entire Class B IP address space.