Abstract
Situational awareness is the ability to determine the overall status of a computer network from the relationships between security events across multiple dimensions. Because tools that jointly analyze the security logs produced by different kinds of network security products, such as NetFlow collectors, firewalls and host security agents, are lacking, it is difficult to monitor and perceive the network security situation. Information visualization lets users discover and analyze large amounts of information efficiently through visual exploration and interaction. Even with visualization, identifying attack patterns in large multi-source data and separating anomalies from visual clutter remain challenges. This paper proposes NetSecRadar, a visualization system for network security situational awareness based on multi-source logs, which monitors the network and presents an overall view of the security situation as a radial graph. NetSecRadar uses a hierarchical force-directed graph layout to arrange thousands of hosts and make better use of the available screen space, provides a method to quantify the danger level of security events, correlates security events from multi-source logs to reveal anomalous patterns, and combines interaction, filtering and drill-down to reach detailed information. The VAST Challenge 2013 data set is used as a case study to demonstrate the system's capabilities.
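The multi-source correlation, danger-level quantification and hierarchical radial arrangement described in the abstract, as an added example in Python. This is not NetSecRadar's own code, and the paper does not publish its scoring formula: the log formats, the per-source weights, the 60-second correlation window and the /24 grouping below are all assumptions chosen for the illustration.

```python
"""Added example (not NetSecRadar's code): correlate constructed NetFlow,
firewall and host-security log lines per host, compute a danger score that
rewards agreement between sources, and place hosts on a hierarchical radial
layout grouped by /24 subnet. Formats, weights and window are assumptions."""
import ipaddress
from collections import defaultdict, namedtuple

Event = namedtuple("Event", "ts source host detail")

# Assumed severity weight per log source and correlation window (seconds).
SOURCE_WEIGHT = {"netflow": 1.0, "firewall": 2.0, "host": 3.0}
WINDOW = 60

# Constructed sample logs in simplified formats (not the VAST 2013 layouts).
NETFLOW_LOG = """\
1365001000,172.30.0.4,10.0.0.8,445,tcp
1365001001,172.30.0.4,10.0.0.9,445,tcp
1365001002,172.30.0.4,10.0.0.10,445,tcp
1365001200,172.30.0.7,10.0.0.8,80,tcp
"""
FIREWALL_LOG = """\
1365001010 deny 172.30.0.4 -> 10.0.0.11:445
1365001900 deny 172.30.1.12 -> 10.0.0.8:22
1365001905 deny 172.30.1.12 -> 10.0.0.8:22
"""
HOST_LOG = """\
1365001030 172.30.0.4 policy_violation
1365003000 172.30.2.3 service_stopped
"""


def parse_netflow(text):
    for line in text.splitlines():
        ts, src, dst, dport, proto = line.split(",")
        yield Event(int(ts), "netflow", src, f"{dst}:{dport}/{proto}")


def parse_firewall(text):
    for line in text.splitlines():
        ts, action, src, _arrow, dst = line.split()
        yield Event(int(ts), "firewall", src, f"{action} {dst}")


def parse_host(text):
    for line in text.splitlines():
        ts, host, msg = line.split(maxsplit=2)
        yield Event(int(ts), "host", host, msg)


def all_events():
    """Normalise the three constructed logs into one event list."""
    return (list(parse_netflow(NETFLOW_LOG)) + list(parse_firewall(FIREWALL_LOG))
            + list(parse_host(HOST_LOG)))


def danger_scores(events):
    """Per-host score: each event's source weight multiplied by the number of
    distinct sources reporting on that host within WINDOW seconds of it, so an
    alert confirmed by several sources outweighs isolated ones."""
    by_host = defaultdict(list)
    for e in events:
        by_host[e.host].append(e)
    scores = {}
    for host, evs in by_host.items():
        evs.sort(key=lambda e: e.ts)
        total = 0.0
        for e in evs:
            near = {o.source for o in evs if abs(o.ts - e.ts) <= WINDOW}
            total += SOURCE_WEIGHT[e.source] * len(near)
        scores[host] = total
    return scores


def radial_layout(scores, host_radius=1.0, subnet_radius=0.5):
    """Two-ring hierarchical layout: each /24 subnet gets an angular sector
    proportional to its host count; hosts sit on the outer ring inside their
    sector and the subnet node at the sector midpoint on the inner ring.
    Returns name -> (angle_degrees, radius)."""
    groups = defaultdict(list)
    for host in scores:
        groups[ipaddress.ip_network(f"{host}/24", strict=False)].append(host)
    total = sum(len(h) for h in groups.values())
    layout, start = {}, 0.0
    for net in sorted(groups):
        hosts = sorted(groups[net], key=ipaddress.ip_address)
        span = 360.0 * len(hosts) / total
        layout[str(net)] = (start + span / 2, subnet_radius)
        for i, host in enumerate(hosts):
            layout[host] = (start + span * (i + 0.5) / len(hosts), host_radius)
        start += span
    return layout


if __name__ == "__main__":
    scores = danger_scores(all_events())
    layout = radial_layout(scores)
    for host, score in sorted(scores.items(), key=lambda kv: -kv[1]):
        angle, radius = layout[host]
        print(f"{host:<12} danger={score:5.1f} angle={angle:6.1f} r={radius}")
```

Running the block ranks 172.30.0.4 first because all three sources report on it within the same minute, while the isolated NetFlow record for 172.30.0.7 scores lowest; the two repeated firewall denies for 172.30.1.12 add up but get no multi-source multiplier. The layout function returns polar coordinates, so a drill-down view only has to draw the inner ring of subnets and the outer ring of hosts, colouring each host by its score.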
© 2013 Springer International Publishing Switzerland
Cite this paper
Zhou, F., Shi, R., Zhao, Y., Huang, Y., Liang, X. (2013). NetSecRadar: A Visualization System for Network Security Situational Awareness. In: Wang, G., Ray, I., Feng, D., Rajarajan, M. (eds) Cyberspace Safety and Security. CSS 2013. Lecture Notes in Computer Science, vol 8300. Springer, Cham. https://doi.org/10.1007/978-3-319-03584-0_30
DOI: https://doi.org/10.1007/978-3-319-03584-0_30
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-03583-3
Online ISBN: 978-3-319-03584-0