nach oben

Wireless Personal Communications

Erschienen in:

21.05.2018

Seeflow: A Visualization System Using 2T Hybrid Graph for Characteristics Analysis of Abnormal Netflow

verfasst von: Sheng Zhang, Ronghua Shi, Jue Zhao

Erschienen in: Wireless Personal Communications | Ausgabe 4/2018

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

With the network expansion, the development of information highway, and the numerous data generated by applications, Netflow log size has been rapidly expanding. This paper proposes the use of visualization techniques to quickly and effectively identify network attacks and abnormal events, as well as perceive network security situation. A 2T (combination with Time-series and Treemap) graph visualization system, named Seeflow, is developed, which uses information entropy of Netflow’s features to draw a Time-series graph and use cross-entropies to distinguish between the normal and abnormal flow stream. Time-series graph can overview the network state from macro level. And Treemap graph is used to drill down into details from micro level. In addition, the exponential function is used to conduct quantitative analysis for the performance of Treemap. The Seeflow system also creates graphical features to visually analyze attacks and find interesting patterns. In experiment, VAST Challenge2013 competition dataset is analyzed by Seeflow system. Comparing with the prize-winning works shows that Seeflow can intuitively display network security situation from both of macro and micro level and effectively identify network attacks as well as support decision-making.

Vorheriger Artikel Design and Enactment of Diverse Low Power Techniques Based Schmitt Trigger

Nächster Artikel Reinforcement Learning Based Mobility Adaptive Routing for Vehicular Ad-Hoc Networks

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Lai, J. B., Wang, H. Q., & Jin, S. (2007). Study of network security situation awareness system based on Netflow. Application Research of Computers, 24(8), 167–172.

Li, B., Springer, J., Bebis, G., & Gunes, M. H. (2013). A survey of network flow applications. Journal of Network and Computer Applications, 36(2), 567–581.CrossRef

Zhang, H. (2009). Study on the TOPN abnormal detection based on the netflow data set. Computer and Information Science, 2(3), 103–108.CrossRef

Hsiao HW, Chen DN, Wu TJ. (2010). Detecting hiding malicious website using network traffic mining approach. In 2nd international conference on education technology and computer (ICETC),vol. 5, V5-276-V5-280

Yin K and Zhu J. (2011). A novel DoS detection mechanism, in 2011 international conference on mechatronic science, electric engineering and computer (MEC), 296-298.

Sperotto, A. & Pras, A. (2011). Flow-based intrusion detection. In 2011 IFIP/IEEE International Symposium on Integrated Network Management (pp. 958–963).

Francois J, Wang S, Bronzi W, State R, Engel T. (2011). BotCloud: detecting botnets using MapReduce. In 2011 IEEE international workshop on information forensics and security (WIFS), (pp. 1–6).

Lakkaraju, K., Bearavolu, R., Slagell, A., Yurcik, W., North S. (2005). Closing-the-loop in nvisionip: integrating discovery and search in security visualizations. In Visualization for Computer Security, (pp. 75–82).

Taylor, T., Brook S and McHugh J. (2007). Netbytes viewer: An entity-based netflow visualization utility for identifying intru-sive behavior. In The 4th International Workshop on Visualization for Cyber Security, pp. 101–114.

10.

Fischer, F., Mansmann, F., Keim, D. A., Pietzko, S., Waldvogel, M. (2008). Large-scale network monitoring for visual analysis of attacks. In 5th international workshop on Visualization for Computer Security, (pp. 111–118).

11.

Boschetti A, Salgarelli L, Muelder C, Ma KL. (2011). TVi: a visual querying system for network monitoring and anomaly detection. In Proceedings of the 8th International Symposium on Visualization for Cyber Security, (pp. 1–10).

12.

Braun, L., Volke, M., Schlamp, J., Bodisco, A., & Carle, G. (2014). Flow-inspector: a framework for visualizing network flow data using current web technologies. Computing, 96(1), 15–26.CrossRef

13.

Zhou, F., Shi, R., & Zhao, Y. (2013). NetSecRadar: A visualization system for network security situational awareness. In IEEE Conference on Visual Analytics Science and Technology (VAST 2012) (pp. 403–416).

14.

Michael, J. M., & Zhao, S. (2011). Hybrid Visualization for Tree and Network Structures. Communications for the CCF, 7(4), 8–13.

15.

Shiravi, H., Shiravi, A., & Ghorbani, A. A. (2011). A survey of visualization systems for network security. IEEE Transactions on Visualization and Computer Graphics, 1(1), 1–19.

16.

Zhang, X., & Yuan, X. (2012). Treemap visualization. Journal of Computer-Aided Design & Computer Graphics, 24(9), 1113–1124.

17.

Krstajic M and Keim DA. (2013). Visualization of streaming data: Observing change and context in information visualization techniques. In 2013 IEEE International Conference on Big Data IEEE: Silicon Valley, (pp. 41–47).

18.

Wang, Z. & Yuan, X. (2014). Urban trajectory timeline visualization. In 2014 International Conference on Big Data and Smart Computing (BIGCOMP) Bangkok, (pp. 13–18).

19.

Krstajic, M., Bertini, E., & Keim, D. A. (2011). Cloudlines: Compact display of event episodes in multiple time-series. IEEE Transactions on Visualization and Computer Graphics, 17(12), 2432–2439.CrossRef

20.

Shi, C., Cui, W., Liu, S., & Xu, P. (2012). RankExplorer: visualization of ranking changes in large time series data. IEEE Transactions on Visualization and Computer Graphics, 18(12), 2669–2678.CrossRef

21.

Chen, Y., Hu, H., & Li, Z. (2013). Performance compare and optimazation of ractangular treemap layout algorithms. Journal of Computer-Aided Design & Computer Graphics, 25(11), 1623–1634.

22.

Stoffel, F., Fischer, F., & Keim, D. A. (2013). Finding anomalies in time-series using visual correlation for interactive root cause analysis. In Proceedings of the Tenth Workshop on Visualization for Cyber Security ACM (pp. 65–72).

23.

Choi, H., Lee, H., & Kim, H. (2009). Fast detection and visualization of network attacks on parallel coordinates. Computers Security, 28(5), 276–288.CrossRef

Titel: Seeflow: A Visualization System Using 2T Hybrid Graph for Characteristics Analysis of Abnormal Netflow
verfasst von: Sheng Zhang
Ronghua Shi
Jue Zhao
Publikationsdatum: 21.05.2018
Verlag: Springer US
Erschienen in: Wireless Personal Communications / Ausgabe 4/2018
Print ISSN: 0929-6212
Elektronische ISSN: 1572-834X
DOI: https://doi.org/10.1007/s11277-018-5808-0

Neuer Inhalt

Bildnachweise

VDI-Icon, Profil Icon, inhalt2, Springer Professional Modul/© Springer Fachmedien Wiesbaden GmbH, Nachhaltigkeitsaward Key Visual/© Cometis AG/Global ESG Monitor | Daniel Rupp | Generiert mit KI, Search Icon, Banner Hanser, Kryptowährungen/© gopixa / Getty Images / iStock, MG4 aus China auf dem Prüfstand im ADAC-Technik-Zentrum in Landsberg am Lech/© ADAC e.V., Chassis eines Elektrofahrzeugs/© chesky / stock.adobe.com, Zeitschrift Wissensmanagement Cover, PatentFit-Logo/© Springer Fachmedien Wiesbaden GmbH, Sustainibility Finance/© Robert Kneschke / stock.adobe.com / Springer Fachmedien Wiesbaden GmbH, Zukunftswerkstatt Sales Excellence 2024/© AndreyPopov / Getty Images / iStock, 2023_Antrieb/© supervisuell

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Technik"

Springer Professional "Wirtschaft+Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 4/2018

A Dynamic Adaptation Mechanism for Traffic Conditions in Wireless Sensor Network

A Hybrid Approach for Task Scheduling Using the Cuckoo and Harmony Search in Cloud Computing Environment

A Worst-Case Robust Combination Method of Beam-Forming and Orthogonal Space–Time Block Coding

Efficient Data Processing in Software-Defined UAV-Assisted Vehicular Networks: A Sequential Game Approach

A Resource Allocation Scheme with Fractional Frequency Reuse in Multi-cell OFDMA Systems

Distributed Spectrum Sensing Using Radio Environment Maps in Cognitive Radio Networks

Neuer Inhalt

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.