Abstract
We present an innovative approach to NetFlow data processing and visualization developed at Masaryk University in Brno. Our graph-based visualization method bridges the gap between the highly aggregated information shown by charts and the overly detailed information found in log files. In this method, graph nodes stand for network devices and directed edges represent communication between these devices. We also present the use of external data sources (DNS, port names, etc.), which helps to present NetFlow data in a more intuitive way. Hence this approach is a very natural one for both network administrators and non-specialists. Based on these methods, a proof-of-concept tool called NetFlow Visualizer has been developed and is now offered as a plug-in for the NetFlow probes.
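The graph model described in the abstract, sketched as an added example that is not code from the paper or from NetFlow Visualizer: flow records are aggregated into directed edges between hosts and labelled from lookup tables that stand in for DNS and port-name sources. The record layout, addresses, names and function names are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample flow records (not real traffic):
# (src_ip, dst_ip, protocol, dst_port, packets, bytes)
FLOWS = [
    ("10.0.0.5", "10.0.0.1", "udp", 53, 2, 150),
    ("10.0.0.5", "192.0.2.10", "tcp", 443, 12, 4200),
    ("10.0.0.5", "192.0.2.10", "tcp", 443, 8, 2100),
    ("10.0.0.7", "192.0.2.10", "tcp", 80, 5, 900),
    ("192.0.2.10", "10.0.0.5", "tcp", 51514, 10, 38000),
]

# Constructed stand-ins for the external data sources (DNS, port names).
HOSTNAMES = {"10.0.0.1": "resolver.example", "192.0.2.10": "www.example"}
PORT_NAMES = {("udp", 53): "domain", ("tcp", 80): "http", ("tcp", 443): "https"}


def build_graph(flows):
    """Aggregate flows into directed edges keyed by (src, dst)."""
    edges = defaultdict(lambda: {"flows": 0, "packets": 0, "bytes": 0, "services": set()})
    for src, dst, proto, dport, pkts, nbytes in flows:
        edge = edges[(src, dst)]
        edge["flows"] += 1
        edge["packets"] += pkts
        edge["bytes"] += nbytes
        # Fall back to proto/port when no service name is known.
        edge["services"].add(PORT_NAMES.get((proto, dport), f"{proto}/{dport}"))
    return dict(edges)


def label(ip):
    """Prefer a resolved name but keep the address so nodes stay unambiguous."""
    name = HOSTNAMES.get(ip)
    return f"{name} ({ip})" if name else ip


def describe(graph):
    """Render each edge as one readable line, heaviest edges first."""
    lines = []
    for (src, dst), e in sorted(graph.items(), key=lambda kv: -kv[1]["bytes"]):
        services = ",".join(sorted(e["services"]))
        lines.append(f"{label(src)} -> {label(dst)} [{services}] "
                     f"{e['flows']} flows, {e['bytes']} bytes")
    return lines


if __name__ == "__main__":
    print("\n".join(describe(build_graph(FLOWS))))
```

Five log-level records collapse into four edges, which is the intermediate level of detail between a chart and the raw flow log.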
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Minarik, P., Dymacek, T. (2008). NetFlow Data Visualization Based on Graphs. In: Goodall, J.R., Conti, G., Ma, KL. (eds) Visualization for Computer Security. VizSec 2008. Lecture Notes in Computer Science, vol 5210. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-85933-8_14
DOI: https://doi.org/10.1007/978-3-540-85933-8_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-85931-4
Online ISBN: 978-3-540-85933-8