MVSec: multi-perspective and deductive visual analytics on heterogeneous network security data

Journal of Visualization - Volume 17 - Pages 181-196 - 2014
Ying Zhao1, Xing Liang1, Xiaoping Fan1,2, Yiwen Wang3, Mengjie Yang3, Fangfang Zhou1
1School of Information Science and Engineering, Central South University, Changsha, China
2Laboratory of Networked Systems, Hunan University of Finance and Economics, Changsha, China
3School of Software, Central South University, Changsha, China

Abstract

In this article, we present a visual analytics system, MVSec, which helps analysts better understand the information hidden in network security datasets. The major contributions of this work are: (1) a data fusion strategy for multiple heterogeneous datasets based on a unified event tuple and statistic tuple data structure, which compresses large-scale datasets and lays the foundation for cooperative visual analysis; (2) multiple coordinated views, which give analysts several visual perspectives for characterizing loud events, digging out subtle events and investigating relations between events in the datasets; and (3) contextual visual analysis with deductive viewpoints, which encourages analysts to explore hypotheses and reason about their deductions from visual narratives. In case studies, we demonstrate in detail how the system helped analysts build an analytical storyline and better understand network situations in VAST Challenge 2013. Additionally, we discuss lessons learned in designing our system and participating in VAST Challenge 2013, which are helpful and applicable not only to similar network security systems but also to other domains facing visual analytics challenges.
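The fusion step described in contribution (1), illustrated with an added example that is not the paper's code: two constructed heterogeneous feeds (IDS alerts and flow records) are normalized into one event tuple layout and then compressed into per-bin statistic tuples. The tuple fields, the sample records and the function names are this example's assumptions, not the paper's definitions.

```python
"""Added example (not MVSec's code): fuse two heterogeneous, constructed
network security feeds into unified event tuples, then roll them up into
statistic tuples per time bin. Field layouts are assumptions of this example."""
from datetime import datetime

# Constructed sample inputs: an IDS alert feed and a flow-record feed.
IDS_ALERTS = [
    "2013-04-01 08:00:05|192.168.1.10|10.0.0.5|portscan|3",
    "2013-04-01 08:00:40|192.168.1.10|10.0.0.7|portscan|3",
    "2013-04-01 08:01:10|10.0.0.9|192.168.1.20|policy violation|1",
]
FLOWS = [
    "2013-04-01 08:00:12,192.168.1.10,10.0.0.5,80,1500",
    "2013-04-01 08:00:59,192.168.1.10,10.0.0.7,443,900",
    "2013-04-01 08:01:30,10.0.0.9,192.168.1.20,22,200",
]

def ids_to_event(line):
    """Normalize one IDS alert into the unified event tuple
    (timestamp, src, dst, category, weight, origin); weight is severity."""
    ts, src, dst, cat, sev = line.split("|")
    return (datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), src, dst, cat, int(sev), "ids")

def flow_to_event(line):
    """Normalize one flow record into the same tuple; weight is byte count."""
    ts, src, dst, port, nbytes = line.split(",")
    return (datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), src, dst, "flow:" + port, int(nbytes), "flow")

def fuse(ids_lines, flow_lines):
    """Merge both feeds into one time-ordered list of event tuples."""
    events = [ids_to_event(l) for l in ids_lines] + [flow_to_event(l) for l in flow_lines]
    return sorted(events)

def statistic_tuples(events, bin_seconds=60):
    """Compress events into statistic tuples keyed by (bin, src, origin);
    each value is (event count, summed weight). Bins start at the first event."""
    if not events:
        return {}
    t0 = events[0][0]
    stats = {}
    for ts, src, dst, cat, weight, origin in events:
        b = int((ts - t0).total_seconds()) // bin_seconds
        cnt, total = stats.get((b, src, origin), (0, 0))
        stats[(b, src, origin)] = (cnt + 1, total + weight)
    return stats
```

The statistic tuples are what the coordinated views would consume: the per-source count and weight per bin let an analyst see the loud scanner in bin 0 without reading every raw record.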
