Abstract
Analyzing network data is an important means of safeguarding network security. However, detecting anomalies and tracing attacks back to their origin in network data of ever-growing scale remains a challenge. This paper designs and implements a network visualization system that meets three main requirements: situation awareness of the whole network, rapid detection of anomalies, and tracking of the attack source. To combine multiple visualization technologies in a reasonable way, the system presents information at three levels. It also uses unsupervised learning methods to detect anomalies in different ways. The system thereby enhances the ability to identify abnormal behaviors in network data. Its efficiency is tested using data from ChinaVis 2016.
Acknowledgments
Supported by the National Key Research and Development Program of China (Grant No. 2017YFB0701900), the National Nature Science Foundation of China (Grant No. 61100053) and the CCF-Venustech Hongyan Research Initiative (2016-013). Thanks to Prof. Xiaoru Yuan, Peking University, and unknown reviewers for instruction.
Copyright information
© 2018 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Fan, X., Luo, W., Dong, X., Su, R. (2018). A Network Visualization System for Anomaly Detection and Attack Tracing. In: Zhou, Q., Gan, Y., Jing, W., Song, X., Wang, Y., Lu, Z. (eds) Data Science. ICPCSEE 2018. Communications in Computer and Information Science, vol 901. Springer, Singapore. https://doi.org/10.1007/978-981-13-2203-7_45
DOI: https://doi.org/10.1007/978-981-13-2203-7_45
Publisher Name: Springer, Singapore
Print ISBN: 978-981-13-2202-0
Online ISBN: 978-981-13-2203-7
eBook Packages: Computer Science, Computer Science (R0)