Real-time visualization of network behaviors for situational awareness
@inproceedings{Best2010RealtimeVO,
  title     = {Real-time visualization of network behaviors for situational awareness},
  author    = {Daniel M. Best and Shawn Bohn and Douglas Love and Adam S. Wynne and William A. Pike},
  booktitle = {VizSec '10},
  year      = {2010}
}
Plentiful, complex, and dynamic data make understanding the state of an enterprise network difficult. Although visualization can help analysts understand baseline behaviors in network traffic and identify off-normal events, visual analysis systems often do not scale well to operational data volumes (in the hundreds of millions to billions of transactions per day) nor to analysis of emergent trends in real-time data. We present a system that combines multiple, complementary visualization…
58 Citations
NetVis: a Visualization Tool Enabling Multiple Perspectives of Network Traffic Data
- Computer Science
- TPCG
- 2013
This paper presents a novel framework designed to support multiple heterogeneous visualizations of network traffic data, NetVis, and shows that it is possible to use NetVis to detect unusual activity such as cyber attacks on a network.
Real-time visual analytics for event data streams
- Computer Science
- SAC '12
- 2012
This paper introduces the Event Visualizer, which is a loosely coupled modular system for collecting, processing, analyzing and visualizing dynamic real-time event data streams and provides an extensible framework with several interactive linked visualizations to focus on different aspects of the event data stream.
NStreamAware: real-time visual analytics for data streams to enhance situational awareness
- Computer Science
- VizSEC
- 2014
This work proposes a system that uses modern distributed processing technologies to analyze streams using stream slices, which are presented to analysts in a web-based visual analytics application, called NVisAware, and visually guides the user in the feature selection process to summarize the slices.
Dynamic Visual Analytics - Facing the Real-Time Challenge
- Computer Science
- Expanding the Frontiers of Visual Analytics and Visualization
- 2012
This book chapter defines dynamic visual analytics, discusses its key requirements and presents a pipeline focusing on the integration of human analysts in real-time applications, and demonstrates its applicability in a real-time monitoring scenario of server logs.
A reference web architecture and patterns for real-time visual analytics on large streaming data
- Computer Science
- Electronic Imaging
- 2013
The experience of building a reference web architecture for real-time visual analytics of streaming data, identify and discuss architectural patterns that address these challenges, and report on applying the reference architecture for real-time Twitter monitoring and analysis.
Toward a visualization-supported workflow for cyber alert management using threat models and human-centered design
- Computer Science
- 2017 IEEE Symposium on Visualization for Cyber Security (VizSec)
- 2017
This work reports on its work with cyber analysts to understand the analytic process and how one such model, the MITRE ATT&CK Matrix, is used to structure their analytic thinking, and presents efforts to map specific data needed by analysts into this threat model to inform their visualization designs.
StreamSqueeze: a dynamic stream visualization for monitoring of event data
- Computer Science
- Visualization and Data Analysis
- 2012
This work proposes a novel dynamic stream visualization called StreamSqueeze, which arranges items in several lists of various sizes and optimizes the positions within each list so that the transition of an item from one list to the other triggers least visual changes.
Finding anomalies in time-series using visual correlation for interactive root cause analysis
- Computer Science
- VizSec '13
- 2013
A visual analytics application to tackle the challenge of finding correlations and anomalies in large data sets by integrating similarity models and analytics combined with well-known, but task-adapted, time-series visualizations is developed.
CyberVis: Visualizing the potential impact of cyber attacks on the wider enterprise
- Computer Science
- 2013 IEEE International Conference on Technologies for Homeland Security (HST)
- 2013
The CyberVis framework abstracts the visuals to show only noteworthy information about attack data and indicates potential impact both across the network and on enterprise tasks, and achieves this by combining traditional network diagram icons with Business Process Modeling and Notation.
Empirical Study of Focus-Plus-Context and Aggregation Techniques for the Visualization of Streaming Data
- Computer Science
- AVI
- 2020
Overall, the results show that a focus-plus-context design has little negative impact on the ability to successfully monitor and analyze streaming data, making it possible to show longer periods of time than other approaches, but visual aggregation can be problematic for trend recognition tasks.
References
Showing 10 of 22 references
FloVis: Flow Visualization System
- Computer Science
- 2009 Cybersecurity Applications & Technology Conference for Homeland Security
- 2009
Preliminary results on the development of a suite of visualization tools that are intended to complement command line tools, such as those from the SiLK Tools, that are currently used by analysts to perform forensic analysis of NetFlow data are reported.
Visual Analysis of Network Flow Data with Timelines and Event Plots
- Computer Science
- VizSEC
- 2007
Isis is a system that uses progressive multiples of timelines and event plots to support the iterative investigation of intrusions by experienced analysts using network flow data and combines visual affordances with SQL to provide a flexible tool for investigation.
FlowScan: A Network Traffic Flow Reporting and Visualization Tool
- Computer Science
- LISA
- 2000
FlowScan analyzes and reports on flow data exported by Internet Protocol routers, an assemblage of perl scripts and modules and is the glue that binds together other freely available components such as a flow collection engine, a high performance database, and a visualization tool.
Visualizing network data for intrusion detection
- Computer Science
- Proceedings from the Sixth Annual IEEE SMC Information Assurance Workshop
- 2005
This paper addresses network traffic visualization techniques that aid an administrator in recognizing attacks in real time by improving upon current techniques that lack effectiveness due to an overemphasis on flow, nodes, or assumed familiarity with the attack tool.
Flodar: Flow Visualization of Network Traffic
- Computer Science
- IEEE Computer Graphics and Applications
- 1998
The author and his colleagues at the National Security Agency designed an application called Flodar (short for Flow Radar) that monitors the flow of network traffic and monitors the status of individual servers within the system.
LiveRAC: interactive visual exploration of system management time-series data
- Computer Science
- CHI
- 2008
This work presents LiveRAC, a visualization system that supports the analysis of large collections of system management time-series data consisting of hundreds of parameters across thousands of network devices, and conducts an informal longitudinal evaluation of the system to better understand which proposed visualization techniques were most useful in the target environment.
An extended platter metaphor for effective reconfigurable network visualization
- Computer Science
- Proceedings. Eighth International Conference on Information Visualisation, 2004. IV 2004.
- 2004
This work adapts the Flodar (Swing, 1998) metaphor to visualize dynamic networks and applies the metaphor to three dynamic reconfiguration management tasks and shows how these tasks are visually represented with this approach.
A highly scalable model for network attack identification and path prediction
- Computer Science
- Proceedings 2007 IEEE SoutheastCon
- 2007
This paper presents a technique to identify attacks on large networks using a highly scalable model, while filtering for false positives and negatives, and forecasts the propagation of the security failures proliferated by attacks over time and their likely targets in the future.
Multiple coordinated views for network attack graphs
- Computer Science, Mathematics
- IEEE Workshop on Visualization for Computer Security, 2005. (VizSEC 05).
- 2005
Improved visual clustering is applied to previously described network protection domains (attack graph cliques) and shows patterns of network attack while avoiding the clutter usually associated with drawing large graphs.
The MeDICi Integration Framework: A Platform for High Performance Data Streaming Applications
- Computer Science
- Seventh Working IEEE/IFIP Conference on Software Architecture (WICSA 2008)
- 2008
The MeDICi integration framework (MIF) is described, which is a middleware platform that extends an open source messaging platform with a component-based API for integrating components into analytical pipelines and has been used to build a production analytical application for detecting cyber security attacks.