NVisionIP: netflow visualizations of system state for security situational awareness

Authors:
Kiran Lakkaraju;William Yurcik;Adam J. Lee
Affiliations:
University of Illinois at Urbana-Champaign, Champaign, IL;University of Illinois at Urbana-Champaign, Champaign, IL;University of Illinois at Urbana-Champaign, Champaign, IL
Venue:
Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
Year:
2004

Citing 12
Cited 49

The visual display of quantitative information

The visual display of quantitative information
Tree visualization with tree-maps: 2-d space-filling approach

ACM Transactions on Graphics (TOG)
The design and implementation of tripwire: a file system integrity checker

CCS '94 Proceedings of the 2nd ACM Conference on Computer and communications security
Case study: interactive visualization for internet security

Proceedings of the conference on Visualization '02
Backtracking intrusions

SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
The Spinning Cube of Potential Doom

Communications of the ACM - Wireless sensor networks
Combining Cisco NetFlow Exports with Relational Database Technology for Usage Statistics, Intrusion Detection, and Network Forensics

LISA '00 Proceedings of the 14th USENIX conference on System administration
The OSU Flow-tools Package and CISCO NetFlow Logs

LISA '00 Proceedings of the 14th USENIX conference on System administration
FlowScan: A Network Traffic Flow Reporting and Visualization Tool

LISA '00 Proceedings of the 14th USENIX conference on System administration
Storage-based intrusion detection: watching storage activity for suspicious behavior

SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
A visualization tool for situational awareness of tactical and strategic security events on large and complex computer networks

MILCOM'03 Proceedings of the 2003 IEEE conference on Military communications - Volume II
Intrusion and misuse detection in large-scale systems

IEEE Computer Graphics and Applications

VisFlowConnect: netflow visualizations of link relationships for security situational awareness

Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
Manifold learning visualization of network traffic data

Proceedings of the 2005 ACM SIGCOMM workshop on Mining network data
IDGraphs: Intrusion Detection and Analysis Using Stream Compositing

IEEE Computer Graphics and Applications
Visual Correlation of Network Alerts

IEEE Computer Graphics and Applications
Focusing on Context in Network Traffic Analysis

IEEE Computer Graphics and Applications
An intelligent, interactive tool for exploration and visualization of time-oriented security data

Proceedings of the 3rd international workshop on Visualization for computer security
Real-time collaborative network monitoring and control using 3D game engines for representation and interaction

Proceedings of the 3rd international workshop on Visualization for computer security
Using visual motifs to classify encrypted traffic

Proceedings of the 3rd international workshop on Visualization for computer security
Visualization assisted detection of sybil attacks in wireless networks

Proceedings of the 3rd international workshop on Visualization for computer security
Tool update: NVisionIP improvements (difference view, sparklines, and shapes)

Proceedings of the 3rd international workshop on Visualization for computer security
Ensuring the continuing success of vizsec

Proceedings of the 3rd international workshop on Visualization for computer security
Visualizations to improve reactivity towards security incidents inside corporate networks

Proceedings of the 3rd international workshop on Visualization for computer security
Detecting distributed scans using high-performance query-driven visualization

Proceedings of the 2006 ACM/IEEE conference on Supercomputing
Command line or pretty lines?: comparing textual and visual interfaces for intrusion detection

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Towards network awareness

LISA '05 Proceedings of the 19th conference on Large Installation System Administration Conference - Volume 19
Visualizing NetFlows for security at line speed: the SIFT tool suite

LISA '05 Proceedings of the 19th conference on Large Installation System Administration Conference - Volume 19
Interactive traffic analysis and visualization with Wisconsin Netpy

LISA '05 Proceedings of the 19th conference on Large Installation System Administration Conference - Volume 19
Progressive multiples for communication-minded visualization

GI '07 Proceedings of Graphics Interface 2007
Visual Discovery in Computer Network Defense

IEEE Computer Graphics and Applications
Interactive wormhole detection and evaluation

Information Visualization
Conceptual Integration of Flow-Based and Packet-Based Network Intrusion Detection

AIMS '08 Proceedings of the 2nd international conference on Autonomous Infrastructure, Management and Security: Resilient Networks and Services
The Contact Surface: A Technique for Exploring Internet Scale Emergent Behaviors

DIMVA '08 Proceedings of the 5th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Existence Plots: A Low-Resolution Time Series for Port Behavior Analysis

VizSec '08 Proceedings of the 5th international workshop on Visualization for Computer Security
Using Time Series 3D AlertGraph and False Alert Classification to Analyse Snort Alerts

VizSec '08 Proceedings of the 5th international workshop on Visualization for Computer Security
A Component-Based Framework for Visualization of Intrusion Detection Events

Information Security Journal: A Global Perspective
Topnet: a network-aware top(1)

LISA'08 Proceedings of the 22nd conference on Large installation system administration conference
Domain Specific Intended Use Evaluation Method: Intrusion Detection Specific Intended Use Evaluation Method

ISA '09 Proceedings of the 3rd International Conference and Workshops on Advances in Information Security and Assurance
Hit-list worm detection and bot identification in large networks using protocol graphs

RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection
Complexity analysis for information visualization design and evaluation

ISVC'07 Proceedings of the 3rd international conference on Advances in visual computing - Volume Part I
A visualization framework for traffic data exploration and scan detection

NTMS'09 Proceedings of the 3rd international conference on New technologies, mobility and security
A unified approach to network traffic and network security visualisation

ICC'09 Proceedings of the 2009 IEEE international conference on Communications
Visualizing graph dynamics and similarity for enterprise network security and management

Proceedings of the Seventh International Symposium on Visualization for Cyber Security
Traffic classification using visual motifs: an empirical evaluation

Proceedings of the Seventh International Symposium on Visualization for Cyber Security
Interactive detection of network anomalies via coordinated multiple views

Proceedings of the Seventh International Symposium on Visualization for Cyber Security
Managing networks through context: Graph visualization and exploration

Computer Networks: The International Journal of Computer and Telecommunications Networking
Nfsight: netflow-based network awareness tool

LISA'10 Proceedings of the 24th international conference on Large installation system administration
Neural visualization of network traffic data for intrusion detection

Applied Soft Computing
CueT: human-guided fast and accurate network alarm triage

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
TVi: a visual querying system for network monitoring and anomaly detection

Proceedings of the 8th International Symposium on Visualization for Cyber Security
DarkNOC: dashboard for honeypot management

LISA'11 Proceedings of the 25th international conference on Large Installation System Administration
Visualization design for immediate high-level situational assessment

Proceedings of the Ninth International Symposium on Visualization for Cyber Security
MalwareVis: entity-based visualization of malware network traces

Proceedings of the Ninth International Symposium on Visualization for Cyber Security
DAEDALUS-VIZ: novel real-time 3D visualization for darknet monitoring-based alert system

Proceedings of the Ninth International Symposium on Visualization for Cyber Security
RT-MOVICAB-IDS: Addressing real-time intrusion detection

Future Generation Computer Systems
Review: A survey of network flow applications

Journal of Network and Computer Applications
Visualizing PHPIDS log files for better understanding of web server attacks

Proceedings of the Tenth Workshop on Visualization for Cyber Security
Flexible web visualization for alert-based network security analytics

Proceedings of the Tenth Workshop on Visualization for Cyber Security
Visualizing big network traffic data using frequent pattern mining and hypergraphs

Computing
Flow-inspector: a framework for visualizing network flow data using current web technologies

Computing

Quantified Score

Hi-index	0.00

Visualization

Abstract

The number of attacks against large computer systems is currently growing at a rapid pace. Despite the best efforts of security analysts, large organizations are having trouble keeping on top of the current state of their networks. In this paper, we describe a tool called NVisionIP that is designed to increase the security analyst's situational awareness. As humans are inherently visual beings, NVisionIP uses a graphical representation of a class-B network to allow analysts to quickly visualize the current state of their network. We present an overview of NVisionIP along with a discussion of various types of security-related scenarios that it can be used to detect.