NetTimeView: Applying Spatio-temporal Data Visualization Techniques to DDoS Attack Analysis

Distributed Denial-of-Service (DDoS) is a common network attack where multiple computers attempt to disable a single system with overwhelming network traffic. Various data visualization methods have been developed to help explain, analyze, and deal with DDoS attacks. However, most of the existing visualization methods do not effectively present the temporal aspect of the DDoS attack data. In this paper, we present a novel DDoS visualization technique, NetTimeView, that applies spatio-temporal data visualization to DDoS data. This technique integrates network traffic data and temporal data in a single view. Its multi-layered visualization technique is able to handle very large data sets with efficient use of visualization space. This tool is particularly useful for system administrators and network security analysts to conduct network forensic analysis. We demonstrate our method with a case study of a large DDoS data set.
