Visual Support for Analyzing Network Traffic and Intrusion Detection Events using TreeMap and Graph Representations

Similar documents
Interactive Analysis of NetFlows for Misuse Detection in Large IP Networks

NStreamAware: Real-Time Visual Analytics for Data Streams to Enhance Situational Awareness

Visualization for Network Traffic Monitoring & Security

A Visualization Technique for Monitoring of Network Flow Data

Simplified Network Traffic Visualization for Real-Time Security Analysis

Exploring Big Data using Visual Analytics

Visual Analytics: Towards Intelligent Interactive Internet and Security Solutions

Visual Analysis of Network Traffic for Resource Planning, Interactive Monitoring, and Interpretation of Security Threats

A Framework for Effective Alert Visualization. SecureWorks 11 Executive Park Dr Atlanta, GA {ubanerjee,

Graph Drawing for Security Visualization

Information Visualisation and Visual Analytics for Governance and Policy Modelling

Security Event Management. February 7, 2007 (Revision 5)

Visualization of Software

Glasnost or Tyranny? You Can Have Secure and Open Networks!

Many network and firewall administrators consider the network firewall at the network edge as their primary defense against all network woes.

NVisionIP: An Interactive Network Flow Visualization Tool for Security

BUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports

Monitoring Network Traffic with Radial Traffic Analyzer

An example. Visualization? An example. Scientific Visualization. This talk. Information Visualization & Visual Analytics. 30 items, 30 x 3 values

The Evolution of Information Security at Wayne State University

Desktop Security. Overview and Technology Guidance. Michael Ramsey Network Specialist, NC DPI

CS2107 Introduction to Information and System Security (Slid. (Slide set 8)

Flexible Web Visualization for Alert-Based Network Security Analytics

Network Performance Monitoring at Minimal Capex

An Adaptable Innovative Visualization For Multiple Levels of Users

INSIDER THREAT ANALYSIS USING INFORMATION-CENTRIC MODELING

Reference Architecture: Enterprise Security For The Cloud

Dell SonicWALL report portfolio

NetBytes Viewer: An Entity-based NetFlow Visualization Utility for Identifying Intrusive Behavior

NSC E

VisFlowConnect-IP: A Link-Based Visualization of NetFlows for Security Monitoring

Second-generation (GenII) honeypots

Overview. Security System Administration

2010 White Paper Series. Layer 7 Application Firewalls

2 Technologies for Security of the 2 Internet

G/On. Basic Best Practice Reference Guide Version 6. For Public Use. Make Connectivity Easy

JK0 015 CompTIA E2C Security+ (2008 Edition) Exam

Don t skip these expert tips for making your firewall airtight, bulletproof and fail-safe. 10 Tips to Make Sure Your Firewall is Really Secure

Network Monitoring On Large Networks. Yao Chuan Han (TWCERT/CC)

Comparison of Firewall, Intrusion Prevention and Antivirus Technologies

End-user Security Analytics Strengthens Protection with ArcSight

Edge Configuration Series Reporting Overview

Firewall Tips & Tricks. Paul Asadoorian Network Security Engineer Brown University November 20, 2002

Graph Drawing for Security Visualization

INFORMATION VISUALIZATION TECHNIQUES USAGE MODEL

Nfsight: NetFlow-based Network Awareness Tool

Visual Analysis of Complex Firewall Configurations

Visualizing Big Network Traffic Data using Frequent Pattern Mining and Hypergraphs

Sharing Intelligence is our Best Defense: Cyber Security Today Is a bit Like the Keystone Cops

Visualization of Host Behavior for Network Security

Information Security Attack Tree Modeling for Enhancing Student Learning

High Speed Data Transfer from the APS. Kenneth Sidorowicz September 27, 2006

NVisionIP and VisFlowConnect-IP: Two Tools for Visualizing NetFlows for Security

Development of a Network Intrusion Detection System

Product Overview. Product Family. Product Features. Powerful intrusion detection and monitoring capacity

Network Intrusion Analysis (Hands-on)

Visualization of Host Behavior for Network Security

Cyber Security Through Visualization

Attack graph analysis using parallel algorithm

Black Box Penetration Testing For GPEN.KM V1.0 Month dd "#$!%&'(#)*)&'+!,!-./0!.-12!1.03!0045!.567!5895!.467!:;83!-/;0!383;!

F-SECURE MESSAGING SECURITY GATEWAY

A HELPING HAND TO PROTECT YOUR REPUTATION

Security Toolsets for ISP Defense

Flexible Web Visualization for Alert-Based Network Security Analytics

Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform

Malicious Network Traffic Analysis

Applying Penetration Tests on a Highly Secured Cooperative Network

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013

Finding Anomalies in Time- Series using Visual Correla/on for Interac/ve Root Cause Analysis

Configuring Personal Firewalls and Understanding IDS. Securing Networks Chapter 3 Part 2 of 4 CA M S Mehta, FCA

TOP-DOWN DATA ANALYSIS WITH TREEMAPS

Introduction of Intrusion Detection Systems

Unit 3 Research Project. Eddie S. Jackson. Kaplan University. IT540: Management of Information Security. Kenneth L. Flick, Ph.D.

Network Instruments white paper

PeekKernelFlows: Peeking into IP flows

Outline. IT Security: General Trends and Research Directions. Technical Attacks. Typical attack. Automated attacks via Worms, Trojans, & Viruses

Conceptual Integration of Flow-based and Packet-based Network Intrusion Detection

A Frequency-Based Approach to Intrusion Detection

Description: Course Details:

Security Visualization Past, Present, Future

8 steps to protect your Cisco router

CS 640 Introduction to Computer Networks. Network security (continued) Key Distribution a first step. Lecture24

IC05 Introduction on Networks &Visualization Nov

Network Security Analysis by Using Business Intelligence

McAfee Vulnerability Manager 7.0.2

Industrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1

The methodology. Interne. 1 Introduction

FIREWALL POLICY November 2006 TNS POL - 008

Literature Review in Visual Analytics for Malware Pattern Analysis

Large-scale coordinated attacks: Impact on the cloud security

Building Secure Networks for the Industrial World

SECURITY ADVISORY FROM PATTON ELECTRONICS

3D Approach to the Visualization of Parallel Applications and Grid Monitoring Information

Getting the Most Out of SIEM. Presentation Title. Data in Big Data. Presented By: Dr. Char Sample, CERT

Firewalls, Tunnels, and Network Intrusion Detection. Firewalls

Cyberspace Forensics Readiness and Security Awareness Model

Firewalls and Intrusion Detection

Workshop on Infrastructure Security and Operational Challenges of Service Provider Networks

Firewalls, Tunnels, and Network Intrusion Detection

WAN Optimization in MPLS Networks- the Transparency Challenge!

Transcription:

Visual Support for Analyzing Network Traffic and Intrusion Detection Events using TreeMap and Graph Representations Florian Mansmann 1 Fabian Fischer 1 Daniel A. Keim 1 Stephen C. North 2 1 University of Konstanz, Germany 2 AT&T Research, Florham Park, NJ, U.S.A. Symposium on Computer-Human Interaction for Management of Information Technology, Baltimore, MD, 2009

page 2 Visual Support for Analyzing Network Traffic Fabian Fischer CHIMIT 2009 Introduction Photo by Guillaume Paumier / Wikimedia Commons, CC-by-sa-3.0

page 3 Visual Support for Analyzing Network Traffic Fabian Fischer CHIMIT 2009 Introduction Do you still know, what s going on in your network? Photo by Guillaume Paumier / Wikimedia Commons, CC-by-sa-3.0

page 4 Visual Support for Analyzing Network Traffic Fabian Fischer CHIMIT 2009 How to combine all the data? Intrusion Detection e.g. Generated IDS Events, Firewall Logs Network Traffic e.g. NetFlow connections, Bandwidth data,

page 5 Visual Support for Analyzing Network Traffic Fabian Fischer CHIMIT 2009 Visual Analytics with NFlowVis Private Network Intrusion Detection (Generated Events) Gateway Network Traffic (NetFlow) Internet PostgreSQL

Daily Traffic Overview

Daily Traffic Overview (Flows per Minute Widget)

Intrusion Detection View

Intrusion Detection View Select IDS Data Source

Intrusion Detection View Suspicious Hosts

Intrusion Detection View Suspicious Hosts

Home-Centric Network Visualization

Graph Visualization

Host Details View

NetFlow Records

page 16 Visual Support for Analyzing Network Traffic Fabian Fischer CHIMIT 2009 Service Monitoring with NFlowVis Example: Conficker Worm (11/2008) Exploits MS08-067 vulnerability RPC over Port 445/TCP Are there any compromised hosts in my network?

Intrusion Detection View Suspicious Hosts

Home-Centric Network Visualization

page 20 Visual Support for Analyzing Network Traffic Fabian Fischer CHIMIT 2009 Analyzing SSH Attacks with NFlowVis http://stats.denyhosts.net/stats.html How was our network affected by these attacks?

Remote Hosts with SSH connections (5 th October 2009)

Home-Centric Network Visualization

Home-Centric Network Visualization (Drill-Down)

Home-Centric Network Visualization (Drill-Down)

Graph Visualization

Home-Centric Network Visualization (SSH Attacks on 5 th October 2009)

Graph Visualization (SSH Attacks on 5 th October 2009)

page 28 Visual Support for Analyzing Network Traffic Fabian Fischer CHIMIT 2009 Conclusions Intrusion Detection and Network Monitoring combined Automated Analysis combined with Interactive Exploration NFlowVis is a Visual Analytics System for Network Data

page 29 Visual Support for Analyzing Network Traffic Fabian Fischer CHIMIT 2009 Thank you very much for your attention! Questions? For further information about this work please contact Fabian Fischer Tel. +49 7531 88-2780 Fabian.Fischer@uni-konstanz.de http://nflowvis.dbvis.de/

page 30 Visual Support for Analyzing Network Traffic Fabian Fischer CHIMIT 2009 References I Ball, R., Fink, G., and North, C. (2004). Home-centric visualization of network traffic for security administration. Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security, pages 55 64. Holten, D. (2006). Hierarchical Edge Bundles: Visualization of Adjacency Relations in Hierarchical Data. IEEE Trans. Vis. Comput. Graph., 12(5):741 748.

page 31 Visual Support for Analyzing Network Traffic Fabian Fischer CHIMIT 2009 References II Ellson, J., Gansner, E., Koutsofios, L., North, S., and Woodhull, G. (2002). Graphviz-Open Source Graph Drawing Tools. Lecture Notes in Computer Science, pages 483 484. Shneiderman, B. (1992). Tree visualization with tree-maps: 2-d space-filling approach. ACM Trans. Graph., 11(1):92 99.

page 32 Visual Support for Analyzing Network Traffic Fabian Fischer CHIMIT 2009 Hierarchical Edge Bundling

page 33 Visual Support for Analyzing Network Traffic Fabian Fischer CHIMIT 2009 Hierarchical Edge Bundling

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information