A Visual Technique for Internet Anomaly Detection

The Internet can be made more secure and efficient with effective anomaly detection. In this paper, we describe a visual method for anomaly detection using archived Border Gateway Protocol (BGP) data. A special encoding of IP addresses, built into an interactive visual interface design, allows a user to quickly detect Origin AS changes by browsing through a 2D visual representation of selected aspects of the BGP data. We demonstrate that each visually spotted anomaly agrees with an actual anomaly on record. It is clear that this visual approach can play a major role in an anomaly detection system.
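As an added illustration (not code from the paper), the following shows the core check the abstract describes: walking successive archived BGP snapshots, flagging every prefix whose Origin AS differs from the previous snapshot, and placing each flagged prefix at a 2D grid coordinate. The grid encoding (first octet as x, second octet as y) is an assumption standing in for the paper's unspecified "special encoding", and the snapshot records are constructed from documentation prefixes and AS numbers.

```python
# Added example (not from the paper): detect Origin AS changes for each
# prefix across archived BGP snapshots and place each prefix on a 2D grid.
# The grid encoding (first octet = x, second octet = y) is an assumption
# standing in for the paper's unspecified "special encoding" of IP addresses.
from collections import defaultdict
from ipaddress import ip_network

# Constructed sample: (snapshot date, prefix, origin AS), as one would
# extract from successive archived RIB dumps. Not real routing data.
SNAPSHOTS = [
    ("2001-04-01", "192.0.2.0/24", 64496),
    ("2001-04-01", "198.51.100.0/24", 64497),
    ("2001-04-01", "203.0.113.0/24", 64498),
    ("2001-04-02", "192.0.2.0/24", 64496),
    ("2001-04-02", "198.51.100.0/24", 64497),
    ("2001-04-02", "203.0.113.0/24", 64499),   # origin changed
    ("2001-04-03", "192.0.2.0/24", 64500),     # origin changed
    ("2001-04-03", "198.51.100.0/24", 64497),
    ("2001-04-03", "203.0.113.0/24", 64499),
]

def grid_position(prefix: str) -> tuple:
    """Map a prefix to (x, y) on a 256x256 grid using its first two octets.
    Assumed encoding; the paper's actual encoding is not given in the abstract."""
    first, second = ip_network(prefix).network_address.packed[:2]
    return first, second

def origin_changes(records):
    """Return sorted (date, prefix, old_as, new_as, (x, y)) tuples for every
    snapshot in which a prefix's Origin AS differs from its previous one."""
    history = defaultdict(list)
    for date, prefix, origin in sorted(records):   # ISO dates sort chronologically
        history[prefix].append((date, origin))
    changes = []
    for prefix, seq in history.items():
        for (_, prev), (date, cur) in zip(seq, seq[1:]):
            if prev != cur:
                changes.append((date, prefix, prev, cur, grid_position(prefix)))
    return sorted(changes)

if __name__ == "__main__":
    for date, prefix, old, new, (x, y) in origin_changes(SNAPSHOTS):
        print(f"{date} {prefix:18} AS{old} -> AS{new}  plot at ({x},{y})")
```

Each flagged tuple is the kind of event a viewer would highlight on the grid, so an analyst can see clustered origin changes rather than reading raw RIB diffs.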
