Enhancing visual analysis of network traffic using a knowledge representation
- IEEE Symposium on Visual Analytics Science and Technology, 2006
Cited by 24 (1 self)
The last decade has seen a rapid growth in both the volume and variety of network traffic, while at the same time, the need to analyze the traffic for quality of service, security, and misuse has become increasingly important. In this paper, we will present a traffic analysis system that couples visual analysis with a declarative knowledge representation based on first order logic. Our system supports multiple iterations of the sense-making loop of analytic reasoning, by allowing users to save their discoveries as they are found and to reuse them in future iterations. We will show how the knowledge base can be used to improve both the visual representations and the basic analytical tasks of filtering and changing level of detail. More fundamentally, the knowledge representation can be used to classify the traffic. We will present the results of applying the system to successfully classify 80 % of network traffic from one day in our laboratory.
A User-centered Look at Glyph-based Security Visualization
- In Proceedings of the 2005 Workshop on Visualization for Computer Security, 2005
Cited by 20 (0 self)
This paper presents the Intrusion Detection toolkit (IDtk), an information Visualization tool for intrusion detection (ID). IDtk was developed through a user-centered design process, in which we identified design guidelines to support ID users. ID analysts protect their networks by searching for evidence of attacks in ID system output, firewall and system logs, and other complex, textual data sources. Monitoring and analyzing these sources incurs a heavy cognitive load for analysts. The use of information visualization techniques offers a valuable addition to the toolkit of the ID analyst. Several visualization techniques for ID have been developed, but few usability or field studies have been completed to assess the needs of ID analysts and the usability and usefulness of these tools. We intended to fill this gap by applying a user-centered design process in the development and evaluation of IDtk, a 3D, glyph-based visualization tool that gives the user maximum flexibility in setting up how the visualization display represents ID data. The user can also customize whether the display is a simple, high-level overview to support monitoring, or a more complex 3D view allowing for viewing the data from multiple angles and thus supporting analysis and diagnosis. This flexibility was found crucial in our usability evaluation.
Interactive visualization for network and port scan detection
- In Proceedings of 2005 Recent Advances in Intrusion Detection, 2005
Cited by 16 (1 self)
Many times, network intrusion attempts begin with either a network scan, where a connection is attempted to every possible destination in a network, or a port scan, where a connection is attempted to each port on a given destination. Being able to detect such scans can help identify a more dangerous threat to a network. Several techniques exist to automatically detect scans, but these are mostly dependent on some threshold that an attacker could possibly avoid crossing. This paper presents a means to use visualization to detect scans interactively.
The Added Value of Eye Tracking in the Usability Evaluation of a Network Management Tool
Cited by 7 (1 self)
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that the copies are not made or distributed for profit or commercial advantage, that the copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than SAICSIT or the ACM must be honoured. Abstracting with credit is permitted. To copy otherwise, to republish, to post on servers, or to redistribute to lists, requires prior specific permission and/or a fee.
Glyph-Based Generic Network Visualization
- Proc. SPIE Conference on Visualization and Data Analysis, 2002
Cited by 6 (0 self)
Network managers and system administrators have an enormous task set before them in this day of growing network usage. This is particularly true of e-commerce companies and others dependent on a computer network for their livelihood. Network managers and system administrators must monitor activity for intrusions and misuse while at the same time monitoring performance of the network. In this paper, we describe our visualization techniques for assisting in the monitoring of networks for both of these tasks. The goal of these visualization techniques is to integrate the visual representation of both network performance/usage as well as data relevant to intrusion detection. The main difficulties arise from the difference in the intrinsic data and layout needs of each of these tasks. Glyph based techniques are additionally used to indicate the representative values of the necessary data parameters over time. Additionally, our techniques are geared towards providing an environment that can be used continuously for constant real-time monitoring of the network environment.
The Visualisation of Application Delay Metrics for a Customer Network
Cited by 3 (0 self)
Application services are fundamental network components that allow organizations the ability to operate efficiently. It has become essential for organizations to monitor the performance of these critical applications. Traditional network analysis tools, however, cannot cope with the size of today’s network infrastructures and the volume of network data generated. The goal of this paper is to discuss the development of a visualisation system, called AppVis, that uses new information visualisation techniques to enable UPE to effectively visualise the application delay performance of the ITS application implemented on the network.
An Extended Platter Metaphor for Effective Reconfigurable Network Visualization
- 8th International Conference on Information Visualization (IV, 2004
Cited by 2 (0 self)
We adapt the Flodar [6] metaphor to visualize dynamic networks and present experimental results on the effectiveness of this approach. Dynamic reconfiguration of networks enables rapid optimization of performance of a network, however, it poses several management difficulties when user intervention is required to resolve complex routing problems. Our metaphor scales well for networks of varying size, addresses the cluttering problem seen in past metaphors and maintains the overall network context while providing additional support for navigation and interaction. We apply the metaphor to three dynamic reconfiguration management tasks and show how these tasks are visually represented with our approach. We conducted an experiment with network administrators and researchers as subjects. A good understanding of network conditions portrayed in the metaphor was achieved within a short period.
unknown title
Network management (NM) tools have been developed to analyse the large amount of data generated by network applications and to display the data using information visualisation techniques. The general increase in the use of information visualisation techniques has highlighted the need for principles and methodologies for the evaluation of NM tools. The usability evaluation of NM tools is traditionally conducted by means of task performance measures and subjective measures such as questionnaires. Eye movement data can supplement the data obtained through user testing by providing more specific information about the user’s mental processes. This paper discusses a methodology that combines traditional usability methods and eye tracking methods for the usability evaluation of the visualisation techniques used by NM tools. Preliminary results from a pilot study show that eye tracking does provide additional value to the usability evaluation of NM tools.
Traffic Monitoring
With the multiplication of attacks against computer networks, system administrators are required to monitor carefully the traffic exchanged by the networks they manage. However, that monitoring task is increasingly laborious because of the augmentation of the amount of data to analyze. And that trend is going to intensify with the explosion of the number of devices connected to computer networks along with the global rise of the available network bandwidth. So system administrators now heavily rely on automated tools to assist them and simplify the analysis of the data. Yet, these tools provide limited support and, most of the time, require highly skilled operators. Recently, some research teams have started to study the application of visualization techniques to the analysis of network traffic data. We believe that this original approach can also allow system administrators to deal with the large amount of data they have to process. In this paper, we introduce a tool for network traffic monitoring using visualization techniques that we developed in order to assist the system administrators of our corporate network. We explain how we designed the tool and some of the choices we made regarding the visualization techniques to use. The resulting tool proposes two linked representations of the network traffic and activity, one in 2D and the other in 3D. As 2D and 3D visualization techniques have different assets, we resulted in combining them in our tool to take advantage of their complementarity. We finally tested our tool in order to evaluate the accuracy of our approach.
Key words: visualization, interactivity, network, monitoring, security