Detecting Periodicity in Serial Data through Visualization

Detecting suspicious or malicious user behavior in large networks is an essential task for administrators, and one that requires significant effort because of the huge amount of log data to be processed. However, several of these activities can be identified rapidly because they usually exhibit periodic behavior. For instance, periodic activities by specific users accessing the billing system of a financial institution may conceal fraud. Detecting periodicity in user behavior not only offers security to the network, but may also prevent future malicious activities. In this paper, we present visualization techniques that aim to detect authorized (or unauthorized) user activities that appear to recur at regular time intervals.
