FloVis: Flow Visualization System

Detailed description

Bibliographic details
Main authors: Taylor, T., Paterson, D., Glanfield, J., Gates, C., Brooks, S., McHugh, J.
Format: Conference proceeding
Language: eng
container_start_page 186
container_end_page 198
creator Taylor, T.; Paterson, D.; Glanfield, J.; Gates, C.; Brooks, S.; McHugh, J.
description NetFlow data is routinely captured at the border of many enterprise networks. Although not as rich as full packet-capture data, NetFlow provides a compact record of the interactions between host pairs on either side of the monitored border. Analysis of this data presents a challenge to the security analyst due to its volume. We report preliminary results on the development of a suite of visualization tools that are intended to complement command line tools, such as those from the SiLK Tools, that are currently used by analysts to perform forensic analysis of NetFlow data. The current version of the tool set draws on three visual paradigms: activity diagrams that display various aspects of multiple individual host behaviors as color coded time series, connection bundles that show the interactions among hosts and groups of hosts, and the NetBytes viewer that allows detailed examination of the port and volume behaviors of an individual host over a period of time. The system supports drill down for additional detail and pivoting that allows the analyst to examine the relationships among the displays. SiLK data is preprocessed into a relational database to drive the display modes, and the tools can interact with the SiLK system to extract additional data as necessary.
doi_str_mv 10.1109/CATCH.2009.18
format Conference Proceeding
identifier ISBN: 9780769535685
ispartof 2009 Cybersecurity Applications & Technology Conference for Homeland Security, 2009, p.186-198
language eng
recordid cdi_ieee_primary_4804443
source IEEE Electronic Library (IEL) Conference Proceedings
subjects Data analysis; Data mining; Data security; Data visualization; Displays; Drives; Forensics; information assurance; Monitoring; Network Data Visualization; Performance analysis; Relational databases; visualization system
title FloVis: Flow Visualization System