A new concentric-circle visualization of multi-dimensional data and its application in network security

With the rapid growth of networked data communications in size and complexity, network administrators today are facing more challenges to protect their networked computers and devices from all kinds of attacks. This paper proposes a new concentric-circle visualization method for visualizing multi-dimensional network data. This method can be used to identify the main features of network attacks, such as DDoS attack, by displaying their recognizable visual patterns. To reduce the edge overlaps and crossings, we arrange multiple axes displayed as concentric circles rather than the traditional parallel lines. In our method, we use polycurves to link values (vertexes) rather than polylines used in parallel coordinate approach. Some heuristics are applied in our new method in order to improve the readability of views. We discuss the advantages as well as the limitations of our new method. In comparison with the parallel coordinate visualization, our approach can reduce more than 15% of the edge overlaps and crossings. In the second stage of the method, we have further enhanced the readability of views by increasing the edge crossing angle. Finally, we introduce our prototype system: a visual interactive network scan detection system called CCScanViewer. It is based on our new visualization approach and the experiments have showed that the new approach is effective in detecting attack features from a variety of networking patterns, such as the features of network scans and DDoS attacks.

[1]  Alexander A. Sawchuk,et al.  CyberSeer: 3D audio-visual immersion for network security and management , 2004, VizSEC/DMSEC '04.

[2]  Hong Zhou,et al.  Visual Clustering in Parallel Coordinates , 2008, Comput. Graph. Forum.

[3]  A. F. Adams,et al.  The Survey , 2021, Dyslexia in Higher Education.

[4]  Alfred Inselberg,et al.  Parallel coordinates: a tool for visualizing multi-dimensional geometry , 1990, Proceedings of the First IEEE Conference on Visualization: Visualization `90.

[5]  Camilla Forsell,et al.  Task-based evaluation of multirelational 3D and standard 2D parallel coordinates , 2007, Electronic Imaging.

[6]  Kwan-Liu Ma,et al.  PortVis: a tool for port-based detection of security events , 2004, VizSEC/DMSEC '04.

[7]  Daniel A. Keim,et al.  Designing Pixel-Oriented Visualization Techniques: Theory and Applications , 2000, IEEE Trans. Vis. Comput. Graph..

[8]  Edward R. Tufte,et al.  The Visual Display of Quantitative Information , 1986 .

[9]  Raheem A. Beyah,et al.  Visual firewall: real-time network security monitor , 2005, IEEE Workshop on Visualization for Computer Security, 2005. (VizSEC 05)..

[10]  Hong Zhou,et al.  Splatting the Lines in Parallel Coordinates , 2009, Comput. Graph. Forum.

[11]  Matthew D. Cooper,et al.  Revealing Structure within Clustered Parallel Coordinates Displays , 2005, INFOVIS.

[12]  Evangelos E. Milios,et al.  LogView: Visualizing Event Log Clusters , 2008, 2008 Sixth Annual Conference on Privacy, Security and Trust.

[13]  Kwan-Liu Ma,et al.  VizSEC 2007, Proceedings of the Workshop on Visualization for Computer Security, Sacramento, California, USA, October 29, 2007 , 2008, VizSEC.

[14]  Paul Molitor,et al.  Using Sifting for k -Layer Straightline Crossing Minimization , 1999, GD.

[15]  Helwig Hauser,et al.  Outlier-Preserving Focus+Context Visualization in Parallel Coordinates , 2006, IEEE Transactions on Visualization and Computer Graphics.

[16]  Emilio Di Giacomo,et al.  Radial Drawings of Graphs: Geometric Constraints and Trade-Offs , 2006, Graph Drawing.

[17]  Matthew O. Ward,et al.  Clutter Reduction in Multi-Dimensional Data Visualization Using Dimension Reordering , 2004, IEEE Symposium on Information Visualization.

[18]  R. Rudell Dynamic variable ordering for ordered binary decision diagrams , 1993, Proceedings of 1993 International Conference on Computer Aided Design (ICCAD).

[19]  Ulrik Brandes,et al.  Communicating Centrality in Policy Network Drawings , 1999, IEEE Trans. Vis. Comput. Graph..

[20]  Matthew O. Ward,et al.  Hierarchical parallel coordinates for exploration of large datasets , 1999, Proceedings Visualization '99 (Cat. No.99CB37067).

[21]  Bill Cheswick,et al.  Mapping and Visualizing the Internet , 2000, USENIX Annual Technical Conference, General Track.

[22]  Erik-Jan van der Linden,et al.  Visualizing Business Data with Generalized Treemaps , 2006, IEEE Transactions on Visualization and Computer Graphics.

[23]  Walid G. Aref,et al.  Performance of multi-dimensional space-filling curves , 2002, GIS '02.

[24]  Christian Bachmaier,et al.  A Radial Adaptation of the Sugiyama Framework for Visualizing Hierarchical Information , 2007, IEEE Transactions on Visualization and Computer Graphics.

[25]  J. van Leeuwen,et al.  Drawing Graphs , 2001, Lecture Notes in Computer Science.

[26]  Heidrun Schumann,et al.  Axes-based visualizations with radial layouts , 2004, SAC '04.

[27]  Kwan-Liu Ma,et al.  A visualization methodology for characterization of network scans , 2005, IEEE Workshop on Visualization for Computer Security, 2005. (VizSEC 05)..

[28]  Ehab Al-Shaer,et al.  A Novel Visualization Approach for Efficient Network-wide Traffic Monitoring , 2007, 2007 Workshop on End-to-End Monitoring Techniques and Services.

[29]  Matthew O. Ward,et al.  Navigating hierarchies with structure-based brushes , 1999, Proceedings 1999 IEEE Symposium on Information Visualization (InfoVis'99).

[30]  Yifan Li,et al.  VisFlowConnect: netflow visualizations of link relationships for security situational awareness , 2004, VizSEC/DMSEC '04.

[31]  Helwig Löffelmann,et al.  Visualizing the behaviour of higher dimensional dynamical systems , 1997 .

[32]  George Kesidis,et al.  Efficient Mining of the Multidimensional Traffic Cluster Hierarchy for Digesting, Visualization, and Anomaly Identification , 2006, IEEE Journal on Selected Areas in Communications.

[33]  T. Samak,et al.  On the efficiency of using space-filling curves in network traffic representation , 2008, IEEE INFOCOM Workshops 2008.

[34]  Kulsoom Abdullah,et al.  Passive visual fingerprinting of network attack tools , 2004, VizSEC/DMSEC '04.

[35]  Sule Simsek Work in Progress - Tracking Correlated Attacks in Enterprise Intranets through Lattices , 2006, 2006 Securecomm and Workshops.

[36]  Colin Ware,et al.  Cognitive Measurements of Graph Aesthetics , 2002, Inf. Vis..

[37]  Dominique Brodbeck,et al.  A Visual Approach for Monitoring Logs , 1998, LISA.

[38]  Yan Gao,et al.  IDGraphs: intrusion detection and analysis using histographs , 2005, IEEE Workshop on Visualization for Computer Security, 2005. (VizSEC 05)..

[39]  Rawiroj Robert Kasemsri A Survey, Taxonomy, and Analysis of Network Security Visualization Techniques , 2005 .

[40]  Helwig Hauser,et al.  Parallel Sets: interactive exploration and visual analysis of categorical data , 2006, IEEE Transactions on Visualization and Computer Graphics.

[41]  Penny Rheingans,et al.  Visualizing Network Security Events Using Compound Glyphs from a Service-Oriented Perspective , 2007, VizSEC.

[42]  Harri Siirtola,et al.  Interacting with parallel coordinates , 2006, Interact. Comput..

[43]  Robert F. Erbacher Visual traffic monitoring and evaluation , 2001, SPIE ITCom.

[44]  Daniel A. Keim,et al.  Monitoring Network Traffic with Radial Traffic Analyzer , 2006, 2006 IEEE Symposium On Visual Analytics Science And Technology.

[45]  Daniel A. Keim,et al.  Information Visualization and Visual Data Mining , 2002, IEEE Trans. Vis. Comput. Graph..

[46]  Haim Levkowitz,et al.  Uncovering Clusters in Crowded Parallel Coordinates Visualizations , 2004, IEEE Symposium on Information Visualization.

[47]  Edward Rolf Tufte,et al.  The visual display of quantitative information , 1985 .

[48]  Hong Zhou,et al.  Scattering Points in Parallel Coordinates , 2009, IEEE Transactions on Visualization and Computer Graphics.

[49]  Weidong Huang,et al.  How People Read Graphs , 2005, APVIS.

[50]  Alan J. Dix,et al.  Enabling Automatic Clutter Reduction in Parallel Coordinate Plots , 2006, IEEE Transactions on Visualization and Computer Graphics.

[51]  Matthew D. Cooper,et al.  3-dimensional display for clustered multi-relational parallel coordinates , 2005, Ninth International Conference on Information Visualisation (IV'05).

[52]  Alan J. Dix,et al.  Density control through random sampling: an architectural perspective , 2002, Proceedings Sixth International Conference on Information Visualisation.