Published in: Computing 1/2014

01.01.2014

Visualizing big network traffic data using frequent pattern mining and hypergraphs

Written by: Eduard Glatz, Stelios Mavromatidis, Bernhard Ager, Xenofontas Dimitropoulos


Abstract

Visualizing communication logs, like NetFlow records, is extremely useful for numerous tasks that need to analyze network traffic traces, like network planning, performance monitoring, and troubleshooting. Communication logs, however, can be massive, which necessitates designing effective visualization techniques for large data sets. To address this problem, we introduce a novel network traffic visualization scheme based on the key ideas of (1) exploiting frequent itemset mining (FIM) to visualize a succinct set of interesting traffic patterns extracted from large traces of communication logs; and (2) visualizing extracted patterns as hypergraphs that clearly display multi-attribute associations. We demonstrate case studies that support the utility of our visualization scheme and show that it enables the visualization of substantially larger data sets than existing network traffic visualization schemes based on parallel-coordinate plots or graphs. For example, we show that our scheme can easily visualize the patterns of more than 41 million NetFlow records. Previous research has explored using parallel-coordinate plots for visualizing network traffic flows. However, such plots do not scale to data sets with thousands or even millions of flows.
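The two ideas in the abstract, sketched as an added example that is not the authors' implementation: flow records are mined for frequent attribute combinations, and each resulting pattern becomes a hyperedge drawn as a box linked to its attribute-value nodes. The Apriori-style miner, the maximal-itemset filter, the Graphviz DOT output and the sample flows are all assumptions made for illustration.

```python
from collections import Counter
from itertools import combinations

# Constructed sample flows (not from the paper): one host contacting many
# addresses on port 445, plus a little unrelated web traffic.
FLOWS = (
    [{"srcIP": "10.0.0.5", "dstIP": f"192.0.2.{i}", "dstPort": 445, "proto": "TCP"}
     for i in range(1, 9)]
    + [{"srcIP": "10.0.0.7", "dstIP": "198.51.100.1", "dstPort": 443, "proto": "TCP"},
       {"srcIP": "10.0.0.8", "dstIP": "198.51.100.1", "dstPort": 443, "proto": "TCP"}]
)

def frequent_itemsets(flows, min_support):
    """Level-wise (Apriori-style) mining; items are (attribute, value) pairs."""
    txns = [frozenset(f.items()) for f in flows]
    counts = Counter(i for t in txns for i in t)
    level = {frozenset([i]): c for i, c in counts.items() if c >= min_support}
    result = {}
    while level:
        result.update(level)
        # Join step: unions of two frequent k-sets that form a (k+1)-set.
        cands = {a | b for a, b in combinations(level, 2) if len(a | b) == len(a) + 1}
        level = {}
        for c in cands:
            support = sum(1 for t in txns if c <= t)
            if support >= min_support:
                level[c] = support
    return result

def maximal(itemsets):
    """Keep only itemsets with no frequent proper superset (succinct output)."""
    return {s: n for s, n in itemsets.items() if not any(s < o for o in itemsets)}

def to_dot(patterns):
    """Hypergraph as a bipartite DOT graph: one box per pattern (hyperedge),
    linked to one node per attribute=value item it contains."""
    lines = ["graph patterns {"]
    for idx, (items, support) in enumerate(sorted(patterns.items(), key=lambda p: -p[1])):
        lines.append(f'  p{idx} [shape=box, label="{support} flows"];')
        for attr, val in sorted(items, key=str):
            lines.append(f'  p{idx} -- "{attr}={val}";')
    lines.append("}")
    return "\n".join(lines)

if __name__ == "__main__":
    print(to_dot(maximal(frequent_itemsets(FLOWS, min_support=2))))
```

Ten flows collapse into two hyperedges that share the `proto=TCP` node, which is the multi-attribute association a parallel-coordinate plot would spread across ten overlapping polylines.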


Metadata
Title
Visualizing big network traffic data using frequent pattern mining and hypergraphs
Authors
Eduard Glatz
Stelios Mavromatidis
Bernhard Ager
Xenofontas Dimitropoulos
Publication date
01.01.2014
Publisher
Springer Vienna
Published in
Computing / Issue 1/2014
Print ISSN: 0010-485X
Electronic ISSN: 1436-5057
DOI
https://doi.org/10.1007/s00607-013-0282-8
