A survey of security visualization for computer network logs

Network security is an important area in computer science. Although great efforts have already been made regarding security problems, networks are still threatened by all kinds of potential attacks, which may lead to huge damage and loss. Log files are a main source for security analysis. However, log files are not user friendly, and obtaining useful information from them is laborious work. Compared with log files, visualization systems designed for security purposes provide more perceptive and effective sources for security analysis. Most security visualization systems are based on log files. In this paper, we provide a survey of visualization designs for computer network security. We looked into different security visual analytics and organized them into five categories. Copyright © 2011 John Wiley & Sons, Ltd.
