NetSecRadar: A Visualization System for Network Security Situational Awareness

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 8300)

Abstract

Situational awareness is defined as the ability to effectively determine the overall status of a computer network based on relationships between security events in multiple dimensions. Unfortunately, because tools are lacking to analyze in combination the security logs generated by various kinds of network security products, such as NetFlow, Firewall and Host Security, it is difficult to monitor and perceive the network security situation. Information visualization allows users to discover and analyze large amounts of information efficiently through visual exploration and interaction. Even with the aid of visualization, identifying attack patterns in big multi-source data and recognizing anomalies amid visual clutter remain challenges. In this paper, a novel visualization system, NetSecRadar, is proposed for network security situational awareness based on multi-source logs; it can monitor the network and present an overall view of the security situation using a radial graph. NetSecRadar uses a hierarchical force-directed graph layout to arrange thousands of hosts and make better use of the available screen space, provides a method to quantify the danger levels of security events, finds correlations among security events generated by multi-source logs, perceives abnormal patterns in situational awareness, and combines interaction, filtering and drill-down for understanding detailed information. To demonstrate the system's capabilities, we use the VAST Challenge 2013 as a case study.



Copyright information

© 2013 Springer International Publishing Switzerland

About this paper

Cite this paper

Zhou, F., Shi, R., Zhao, Y., Huang, Y., Liang, X. (2013). NetSecRadar: A Visualization System for Network Security Situational Awareness. In: Wang, G., Ray, I., Feng, D., Rajarajan, M. (eds) Cyberspace Safety and Security. CSS 2013. Lecture Notes in Computer Science, vol 8300. Springer, Cham. https://doi.org/10.1007/978-3-319-03584-0_30


  • DOI: https://doi.org/10.1007/978-3-319-03584-0_30

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-03583-3

  • Online ISBN: 978-3-319-03584-0

  • eBook Packages: Computer Science, Computer Science (R0)
