NetViewer: A Network Traffic Visualization and Analysis Tool

Frequent, large-scale network attacks have increased the need for techniques to analyze network traffic. With efficient analysis tools, it could become possible to detect attacks and anomalies and to take appropriate action to contain the attacks before they have had time to propagate across the network. This paper describes NetViewer, a network monitoring tool that can simultaneously detect, identify and visualize attacks and anomalous traffic in real time by passively monitoring packet headers. NetViewer represents the traffic data as images, enabling the application of image/video processing techniques to the analysis of network traffic. NetViewer is released free to the general public. By employing a freely available visualization tool, users of NetViewer can comprehend the characteristics of the network traffic observed in the aggregate. NetViewer can be employed to detect and identify network anomalies such as DoS/DDoS attacks, worms and flash crowds. NetViewer can also provide information on traffic distributions over the IP address and port number domains, utilization of link capacity, and the effectiveness of Quality of Service policies.
