Situational awareness of the state of military computer networks is important for both tactical battlefield operations and strategic command-and-control networks. While there have been successful efforts to visualize the state of individual network infrastructure components (routers, links) using SNMP and other network management tools, these systems do not focus on security. Although there have been multiple research proposals, to our knowledge only two realized systems attempt to visualize security events. Assessing the overall security of a large and complex network is an open problem because of the multidimensional data space. We present a tool, NVisionIP, that makes a direct contribution to solving this open problem. NVisionIP is unique among existing systems in that it simultaneously visualizes multidimensional characteristics of individual computers as well as their relationship to network-wide security events in an entire Class B IP address space.