AGENTS '98 Proceedings of the second international conference on Autonomous agents
Authoritative sources in a hyperlinked environment
Journal of the ACM (JACM)
Bro: a system for detecting network intruders in real-time
Computer Networks: The International Journal of Computer and Telecommunications Networking
Stable algorithms for link analysis
Proceedings of the 24th annual international ACM SIGIR conference on Research and development in information retrieval
Investigative Data Mining for Security and Criminal Detection
Investigative Data Mining for Security and Criminal Detection
Case study: interactive visualization for internet security
Proceedings of the conference on Visualization '02
IEEE Transactions on Visualization and Computer Graphics
Aggregation and Correlation of Intrusion-Detection Alerts
RAID '00 Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection
Decentralized Event Correlation for Intrusion Detection
ICISC '01 Proceedings of the 4th International Conference Seoul on Information Security and Cryptology
Alert Correlation in a Cooperative Intrusion Detection Framework
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Parallel coordinates: a tool for visualizing multi-dimensional geometry
VIS '90 Proceedings of the 1st conference on Visualization '90
Log Correlation for Intrusion Detection: A Proof of Concept
ACSAC '03 Proceedings of the 19th Annual Computer Security Applications Conference
PageCluster: Mining conceptual link hierarchies from Web log files for adaptive Web site navigation
ACM Transactions on Internet Technology (TOIT)
NVisionIP: netflow visualizations of system state for security situational awareness
Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
FlowScan: A Network Traffic Flow Reporting and Visualization Tool
LISA '00 Proceedings of the 14th USENIX conference on System administration
Aberrant Behavior Detection in Time Series for Network Monitoring
LISA '00 Proceedings of the 14th USENIX conference on System administration
A user-centered approach to visualizing network traffic for intrusion detection
CHI '05 Extended Abstracts on Human Factors in Computing Systems
InetVis, a visual tool for network telescope traffic analysis
AFRIGRAPH '06 Proceedings of the 4th international conference on Computer graphics, virtual reality, visualisation and interaction in Africa
IDGraphs: Intrusion Detection and Analysis Using Stream Compositing
IEEE Computer Graphics and Applications
Hierarchical Visualization of Network Intrusion Detection Data
IEEE Computer Graphics and Applications
Visual Correlation of Network Alerts
IEEE Computer Graphics and Applications
Focusing on Context in Network Traffic Analysis
IEEE Computer Graphics and Applications
Visualizing Internet Routing Changes
IEEE Transactions on Visualization and Computer Graphics
Understanding multistage attacks by attack-track based visualization of heterogeneous event streams
Proceedings of the 3rd international workshop on Visualization for computer security
Using visual motifs to classify encrypted traffic
Proceedings of the 3rd international workshop on Visualization for computer security
Tool update: visflowconnect-IP with advanced filtering from usability testing
Proceedings of the 3rd international workshop on Visualization for computer security
Ensuring the continuing success of vizsec
Proceedings of the 3rd international workshop on Visualization for computer security
Detecting distributed scans using high-performance query-driven visualization
Proceedings of the 2006 ACM/IEEE conference on Supercomputing
CluVis: dual-domain visual exploration of cluster/network metadata
ACM-SE 45 Proceedings of the 45th annual southeast regional conference
Command line or pretty lines?: comparing textual and visual interfaces for intrusion detection
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
LISA '05 Proceedings of the 19th conference on Large Installation System Administration Conference - Volume 19
Visualizing NetFlows for security at line speed: the SIFT tool suite
LISA '05 Proceedings of the 19th conference on Large Installation System Administration Conference - Volume 19
Progressive multiples for communication-minded visualization
GI '07 Proceedings of Graphics Interface 2007
Visualization based policy analysis: case study in SELinux
Proceedings of the 13th ACM symposium on Access control models and technologies
Existence Plots: A Low-Resolution Time Series for Port Behavior Analysis
VizSec '08 Proceedings of the 5th international workshop on Visualization for Computer Security
A Component-Based Framework for Visualization of Intrusion Detection Events
Information Security Journal: A Global Perspective
Assisting decision making in the event-driven enterprise using wavelets
Decision Support Systems
A Semi-Autonomic Framework for Intrusion Tolerance in Heterogeneous Networks
IWSOS '08 Proceedings of the 3rd International Workshop on Self-Organizing Systems
Topnet: a network-aware top(1)
LISA'08 Proceedings of the 22nd conference on Large installation system administration conference
Graph Drawing for Security Visualization
Graph Drawing
ISA '09 Proceedings of the 3rd International Conference and Workshops on Advances in Information Security and Assurance
Hit-list worm detection and bot identification in large networks using protocol graphs
RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection
Complexity analysis for information visualization design and evaluation
ISVC'07 Proceedings of the 3rd international conference on Advances in visual computing - Volume Part I
A visualization framework for traffic data exploration and scan detection
NTMS'09 Proceedings of the 3rd international conference on New technologies, mobility and security
Journal of Visual Languages and Computing
Traffic classification using visual motifs: an empirical evaluation
Proceedings of the Seventh International Symposium on Visualization for Cyber Security
Characterizing Intelligence Gathering and Control on an Edge Network
ACM Transactions on Internet Technology (TOIT)
High-speed intrusion detection in support of critical infrastructure protection
CRITIS'06 Proceedings of the First international conference on Critical Information Infrastructures Security
Interactive analysis of computer scenarios through parallel coordinates graphics
ICCSA'12 Proceedings of the 12th international conference on Computational Science and Its Applications - Volume Part IV
Visualization design for immediate high-level situational assessment
Proceedings of the Ninth International Symposium on Visualization for Cyber Security
A real-time visualization framework for IDS alerts
Proceedings of the 5th International Symposium on Visual Information Communication and Interaction
Review: A survey of network flow applications
Journal of Network and Computer Applications
Scalable hybrid stream and hadoop network analysis system
Proceedings of the 5th ACM/SPEC international conference on Performance engineering
| Hi-index | 0.00 |
We present a visualization design to enhance the ability of an administrator to detect and investigate anomalous traffic between a local network and external domains. Central to the design is a parallel axes view which displays NetFlow records as links between two machines or domains while employing a variety of visual cues to assist the user. We describe several filtering options that can be employed to hide uninteresting or innocuous traffic such that the user can focus his or her attention on the more unusual network flows. This design is implemented in the form of VisFlowConnect, a prototype application which we used to study the effectiveness of our visualization approach. Using VisFlowConnect, we were able to discover a variety of interesting network traffic patterns. Some of these were harmless, normal behavior, but some were malicious attacks against machines on the network.