NAVSEC: a recommender system for 3D network security visualizations

As network attacks increase in complexity, the ability to quickly analyze security data and mitigate the effect of these attacks becomes a difficult problem. To alleviate these challenges, researchers are looking into various two-dimensional (2D) and three-dimensional (3D) visualization tools to detect, identify, and analyze malicious attacks. These visualization tools often require advanced knowledge in networking, visualization, and information security to operate, navigate, and successfully examine malicious attacks. Novice users, deficient in the required advanced knowledge, may find navigation within these visualization tools difficult. Furthermore, expert users may be limited and costly. We discuss the use of a modern recommender system to aid in navigating within a complex 3D visualization for network security applications. We developed a visualization module called NAVSEC, a recommender system prototype for navigating in 3D network security visualization tools. NAVSEC recommends visualizations and interactions to novice users. Given visualization interaction input from a novice user and expert communities, NAVSEC is instrumental in reducing confusion for a novice user while navigating in a 3D visualization. We illustrate NAVSEC with a use-case from an emulated stealthy scanning attack disguised as a file transfer with multiple concurrent connections. We show that using NAVSEC, a novice user's visualization converges towards a visualization used to identify or detect a suspected attack by an expert user. As a result, NAVSEC can successfully guide the novice user in differentiating between complex network attacks and benign legitimate traffic with step-by-step created visualizations and suggested user interactions.
