ENAVis: Enterprise Network Activities Visualization

With the prevalence of multi-user environments, it has become increasingly challenging to identify precisely who is doing what on an enterprise network. Current management systems that infer user identity and application usage from router and switch log files cannot accurately report on and manage a large-scale network because the collected data is too coarse. We propose a system that uses finer-grained data in the form of local context, i.e., the precise user and application associated with a network connection. Using dynamic correlation and graph modeling, we developed a visualization tool called ENAVis (Enterprise Network Activities Visualization). ENAVis helps a real-world administrator manage more efficiently, and gain insight into, the connectivity between hosts, users, and applications that is otherwise obfuscated, lost, or not collected in systems currently deployed in an enterprise setting.
