STARMINE: a visualization system for cyber attacks

Cyber attack monitoring systems use various types of visualization, such as geographical, temporal, and logical visualization. Each has its own advantages and disadvantages. Since practical cyber attack monitoring requires analyzing the information from different viewpoints in order to make the right decision, these visualizations should be tightly integrated. This paper describes STARMINE, a visualization system for cyber threat monitoring that integrates three different views of the cyber threat (geographical, temporal, and logical) in 3-D space. Because the three views are displayed simultaneously and are synchronized, administrators can analyze threats much more easily. As an example, the propagation of the Sasser.D worm is shown.
