Bro: a system for detecting network intruders in real-time
Computer Networks: The International Journal of Computer and Telecommunications Networking
Practical automated detection of stealthy portscans
Journal of Computer Security
The Information Mural: A Technique for Displaying and Navigating Large Information Spaces
IEEE Transactions on Visualization and Computer Graphics
Log Correlation for Intrusion Detection: A Proof of Concept
ACSAC '03 Proceedings of the 19th Annual Computer Security Applications Conference
The Spinning Cube of Potential Doom
Communications of the ACM - Wireless sensor networks
VisFlowConnect: netflow visualizations of link relationships for security situational awareness
Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
NVisionIP: netflow visualizations of system state for security situational awareness
Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
PortVis: a tool for port-based detection of security events
Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
Change-Point Monitoring for the Detection of DoS Attacks
IEEE Transactions on Dependable and Secure Computing
IDS RainStorm: Visualizing IDS Alarms
VIZSEC '05 Proceedings of the IEEE Workshops on Visualization for Computer Security
A DoS Resilient Flow-level Intrusion Detection Approach for High-speed Networks
ICDCS '06 Proceedings of the 26th IEEE International Conference on Distributed Computing Systems
Inferring internet denial-of-service activity
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Ensuring the continuing success of vizsec
Proceedings of the 3rd international workshop on Visualization for computer security
Visual Discovery in Computer Network Defense
IEEE Computer Graphics and Applications
Proposing a multi-touch interface for intrusion detection environments
Proceedings of the Seventh International Symposium on Visualization for Cyber Security
Neural visualization of network traffic data for intrusion detection
Applied Soft Computing
Sybil attack detection through global topology pattern visualization
Information Visualization
RT-MOVICAB-IDS: Addressing real-time intrusion detection
Future Generation Computer Systems
Review: A survey of network flow applications
Journal of Network and Computer Applications
| Hi-index | 0.00 |
Traffic anomalies and attacks are commonplace in today's networks and identifying them rapidlyand accurately is critical for operators of large networks. For a statistical intrusion detectionsystem (IDS), it's crucial to detect at the flow-level. However, existing IDS systems offer onlylimited support for interactively examining detected intrusions and anomalies, analyzing wormpropagation patterns, and discovering correlated attacks. These problems are becoming even more acuteas the traffic on today's high-speed routers continues to grow. IDGraphs is an interactivevisualization system for intrusion detection that addresses these challenges. The central visualizationin the system is a flow-level trace plotted with time on the horizontal axis and the total number ofunsuccessful connections (indicating suspicious traffic) on the vertical axis. The article summarizes astack of tens or hundreds of thousands of these traces using the histographs technique, whichcomposites the traces and maps data density at each pixel to brightness. Users can zoom into orinteractively query the summary view, performing analysis by highlighting subsets of the traces. Forexample, brushing a linked correlation matrix view highlights traces with similar patterns, revealingdistributed attacks that are difficult to detect using standard statistical analysis. The articlediscusses the application of IDGraphs to a real network router data set with millions of flow-levelrecords representing total traffic in the terabyte range. The system successfully detects and analyzesa variety of attacks and anomalies, including port scanning, worm outbreaks, stealthy TCP SYN flooding,and some distributed attacks.