VisFlowConnect: netflow visualizations of link relationships for security situational awareness

We present a visualization design to enhance the ability of an administrator to detect and investigate anomalous traffic between a local network and external domains. Central to the design is a parallel axes view which displays NetFlow records as links between two machines or domains while employing a variety of visual cues to assist the user. We describe several filtering options that can be employed to hide uninteresting or innocuous traffic such that the user can focus his or her attention on the more unusual network flows. This design is implemented in the form of VisFlowConnect, a prototype application which we used to study the effectiveness of our visualization approach. Using VisFlowConnect, we were able to discover a variety of interesting network traffic patterns. Some of these were harmless, normal behavior, but some were malicious attacks against machines on the network.
References in zbMATH (referenced in 3 articles)
- Braun, Lothar; Volke, Mario; Schlamp, Johann; von Bodisco, Alexander; Carle, Georg: Flow-inspector: a framework for visualizing network flow data using current web technologies (2014) ioport
- Glatz, Eduard; Mavromatidis, Stelios; Ager, Bernhard; Dimitropoulos, Xenofontas: Visualizing big network traffic data using frequent pattern mining and hypergraphs (2014) ioport
- Woo, Jiyoung; Kang, Hyun Jae; Kang, Ah Reum; Kwon, Hyukmin; Kim, Huy Kang: Who Is sending a spam email: clustering and characterizing spamming hosts (2014) ioport