
MVSec: multi-perspective and deductive visual analytics on heterogeneous network security data

  • Regular Paper
  • Journal of Visualization

Abstract

In this article, we present a visual analytics system, MVSec, which helps analysts better understand what information flows beneath network security datasets. The major contributions of this work include: (1) a data fusion strategy for multiple heterogeneous datasets that uses unified event tuple and statistic tuple data structures, which compresses large-scale datasets and lays the foundation for cooperative visual analysis; (2) multiple coordinated views, which provide analysts with multiple visual perspectives to characterize loud events, dig out subtle events and investigate relations between events in datasets; and (3) a contextual visual analysis with deductive viewpoints, which inspires analysts to explore hypotheses and reason about their deductions from visual narratives. In case studies, we demonstrate in detail how the system helps analysts draw an analytical storyline and better understand network situations in VAST Challenge 2013. Additionally, we discuss lessons learned in designing our system and participating in VAST Challenge 2013, which are helpful and applicable not only to similar network security systems but also to other domains facing visual analytics challenges.



Acknowledgments

This work was supported by the National Natural Science Foundation of China (Grant No. 61103108), the Hunan Provincial Science and Technology Program (Grant No. 2012RS4049), the Hunan Provincial Natural Science Foundation of China (Grant No. 12JJ3062), and Postdoc Research Funding in Central South University. The authors would also like to thank the data providers, IEEE VAST Challenge.

Author information

Corresponding author

Correspondence to Fangfang Zhou.

Cite this article

Zhao, Y., Liang, X., Fan, X. et al. MVSec: multi-perspective and deductive visual analytics on heterogeneous network security data. J Vis 17, 181–196 (2014). https://doi.org/10.1007/s12650-014-0213-6

  • DOI: https://doi.org/10.1007/s12650-014-0213-6
