Home-centric visualization of network traffic for security administration

Today's system administrators, burdened by rapidly increasing network activity, must quickly perceive the security state of their networks, but they often have only text-based tools to work with. These tools often provide no overview to help users grasp the big picture. Our interviews with administrators have revealed that they need visualization tools; thus, we present VISUAL (Visual Information Security Utility for Administration Live), a network security visualization tool that allows users to see communication patterns between their home (or internal) networks and external hosts. VISUAL is part of our Network Eye security visualization architecture, also described in this paper. We have designed and tested a new computer security visualization that gives users a quick overview of current and recent communication patterns in the monitored network. Many tools can detect and show fan-out and fan-in, but VISUAL shows network events graphically, in context. Visualization helps users comprehend the intensity of network events more intuitively than text-based tools can. VISUAL provides insight for networks with up to 2,500 home hosts and 10,000 external hosts, shows the relative activity of hosts, displays them in a constant relative position, and reveals the ports and protocols used.
