Managing networks through context: Graph visualization and exploration

With the increasing prevalence of multi-user environments in distributed systems, it has become increasingly challenging to identify precisely who is doing what on an enterprise network. Current management systems that rely on inference for user identity and application are not capable of accurately reporting on and managing a large-scale network, due to the coarseness of the collected data or the scaling of the collection mechanism. We propose a system that focuses data collection on local context, i.e. the precise user and application associated with a network connection. Through the use of dynamic correlation and novel graph modeling, we developed a visualization tool called ENAVis (Enterprise Network Activities Visualization); the work appeared in earlier form in [1] and received the USENIX best paper award. ENAVis helps a real-world administrator manage the network more efficiently and gain insight into the connectivity between hosts, users, applications and data access, significantly streamlining the management process.

[1] Douglas Thain, et al. ENAVis: Enterprise Network Activities Visualization, 2008, LISA.

[2] Paramvir Bahl, et al. Discovering Dependencies for Network Management, 2006, HotNets.

[3] Matthieu Latapy, et al. Computing Communities in Large Networks Using Random Walks, 2004, J. Graph Algorithms Appl.

[4] Ali A. Ghorbani, et al. A novel visualization technique for network anomaly detection, 2004, PST.

[5] Paramvir Bahl, et al. Towards highly reliable enterprise network services via inference of multi-level dependencies, 2007, SIGCOMM.

[6] Ben Shneiderman, et al. Readings in information visualization - using vision to think, 1999.

[7] Robert F. Erbacher, et al. Intrusion behavior detection through visualization, 2003, SMC'03 Conference Proceedings. 2003 IEEE International Conference on Systems, Man and Cybernetics. Conference Theme - System Security and Assurance (Cat. No.03CH37483).

[8] Tetsuji Takada, et al. MieLog: A Highly Interactive Visual Log Browser Using Information Visualization and Statistical Analysis, 2002, LISA.

[9] Douglas Thain, et al. Distributed computing in practice: the Condor experience, 2005, Concurr. Pract. Exp.

[10] Hajime Inoue, et al. NetADHICT: A Tool for Understanding Network Traffic, 2007, LISA.

[11] Trevor F. Cox, et al. Metric multidimensional scaling, 2000.

[12] Patrick Crowley, et al. A hybrid finite automaton for practical deep packet inspection, 2007, CoNEXT '07.

[13] Jeffrey Heer, et al. prefuse: a toolkit for interactive information visualization, 2005, CHI.

[14] John McHugh, et al. Over flow: An overview visualization for network analysis, 2009, 2009 6th International Workshop on Visualization for Cyber Security.

[15] Ehab Al-Shaer, et al. PolicyVis: Firewall Security Policy Visualization and Inspection, 2007, LISA.

[16] Roger W. Remington, et al. Cognitive engineering: understanding human interaction with complex systems, 2005.

[17] Abraham Kandel, et al. Applied Graph Theory in Computer Vision and Pattern Recognition, 2007.

[18] William Yurcik, et al. NVisionIP: netflow visualizations of system state for security situational awareness, 2004, VizSEC/DMSEC '04.

[19] Allan R. Wilks, et al. Visualizing Network Data, 1995, IEEE Trans. Vis. Comput. Graph.

[20] Oliver Niggemann, et al. Supporting Intrusion Detection by Graph Clustering and Graph Drawing, 2000.

[21] Horst Bunke, et al. A Graph-Theoretic Approach to Enterprise Network Dynamics (Progress in Computer Science and Applied Logic (PCS)), 2006.

[22] Peter Bodík. Advanced Tools for Operators of Internet Services, 2006.

[23] Kwan-Liu Ma, et al. PortVis: a tool for port-based detection of security events, 2004, VizSEC/DMSEC '04.

[24] Andreas Paepcke, et al. Visual Analysis of Network Flow Data with Timelines and Event Plots, 2007, VizSEC.

[25] Wayne G. Lutters, et al. Focusing on context in network traffic analysis, 2006, IEEE Computer Graphics and Applications.

[26] Horst Bunke, et al. Graph Sequence Visualisation and its Application to Computer Network Monitoring and Abnormal Event Detection, 2007, Applied Graph Theory in Computer Vision and Pattern Recognition.

[27] Yan Gao, et al. IDGraphs: intrusion detection and analysis using histographs, 2005, IEEE Workshop on Visualization for Computer Security, 2005 (VizSEC 05).

[28] David S. Johnson, et al. Computers and Intractability: A Guide to the Theory of NP-Completeness, 1978.

[29] Raffael Marty, et al. Applied Security Visualization, 2008.

[30] Daniel A. Keim, et al. Visualization of Host Behavior for Network Security, 2007, VizSEC.

[31] Pavel Minarík, et al. NetFlow Data Visualization Based on Graphs, 2008, VizSEC.

[32] Denis Lalanne, et al. Visual Analysis of Corporate Network Intelligence: Abstracting and Reasoning on Yesterdays for Acting Today, 2007, VizSEC.

[33] D. Thain, et al. Simplifying Network Management with Lockdown, 2008.

[34] William Yurcik, et al. Visualizing NetFlows for Security at Line Speed: The SIFT Tool Suite, 2005, LISA.

[35] T. J. Jankun-Kelly, et al. Detecting flaws and intruders with visual data analysis, 2004, IEEE Computer Graphics and Applications.

[36] Kulsoom Abdullah, et al. Visualizing network data for intrusion detection, 2005, Proceedings from the Sixth Annual IEEE SMC Information Assurance Workshop.