Preserving the Big Picture: Visual Network Traffic Analysis with TN
Minneapolis, Minnesota October 26-October 26
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/VIZSEC.2005.17
IEEE Workshops on Visualization for C ...
John R. Goodall, University of Maryland, Baltimore County
Wayne G. Lutters, University of Maryland, Baltimore County
Penny Rheingans, University of Maryland, Baltimore County
Anita Komlodi, University of Maryland, Baltimore County
When performing packet-level analysis in intrusion detection, analysts often lose sight of the "big picture" while examining these low-level details. In order to prevent this loss of context and augment the available tools for intrusion detection analysis tasks, we developed an information visualization tool, the Time-based Network traffic Visualizer (TNV). TNV is grounded in an understanding of the work practices of intrusion detection analysts, particularly foregrounding the overarching importance of context and time in the process of intrusion detection analysis. The main visual component of TNV is a matrix showing network activity of hosts over time, with connections between hosts superimposed on the matrix, complemented by multiple, linked views showing port activity and the details of the raw packets. Providing low-level textual data in the context of a high-level, aggregated graphical display enables analysts to examine packet-level details within the larger context of activity. This combination has the potential to facilitate the intrusion detection analysis tasks and help novice analysts learn what constitutes "normal" on a particular network.
Index Terms:
Network visualization, network analysis, information visualization, intrusion detection
Citation:
John R. Goodall, Wayne G. Lutters, Penny Rheingans, Anita Komlodi, "Preserving the Big Picture: Visual Network Traffic Analysis with TN," vizsec, pp.6, IEEE Workshops on Visualization for Computer Security (VizSec'05), 2005