
Visualization of network traffic attack using time series radial axis and cylindrical coordinate system


  • 장범환 (Division of Computer Science, Howon University) ;
  • 최윤성 (Division of Computer Science, Howon University)
  • Received : 2019.11.14
  • Accepted : 2019.12.20
  • Published : 2019.12.28

Abstract

Network attack analysis and visualization methods that use network traffic session data detect anomalies by visualizing the sender's and receiver's IP addresses and the relationships between them. The direction of a flow (which endpoint is the source and which is the destination) is a critical feature for detecting anomalies, but simply placing source and destination IP addresses symmetrically (top/bottom or left/right) makes the analysis harder to read. A visualization interface designed without regard for the temporal characteristics of time-series traffic sessions also risks losing the security situation at each point in time. In this paper, we propose a visualization interface and analysis method that visualizes time-series traffic data along a radial axis, divides each IP address into its network and host portions, and projects the result onto a cylindrical coordinate system so that network attacks can be monitored effectively. The proposed method has the advantage that network attacks can be recognized intuitively and attack activity can be tracked over time.

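The abstract describes three ingredients: time on a radial axis, IP addresses split into a network portion and a host portion, and a projection onto a cylindrical coordinate system. The following Python block is an added example written for this page, not the authors' code, and the exact mapping is an assumption chosen to illustrate the idea: session time becomes the radial distance, the network portion of the destination address selects the angle, and the host portion becomes the height. The /24 boundary, the session records and the streak threshold are constructed for illustration. It also shows the kind of pattern such a projection exposes: one source sweeping many hosts of one network in a short time lands on a single ring at a single angle, as a vertical streak.

```python
"""Project time-series traffic sessions onto a cylindrical coordinate system.

Added example (not the paper's code). Assumed mapping: r = session time,
theta = network portion of the destination IP, z = host portion. The
prefix length and the sample sessions are constructed for illustration.
"""
import ipaddress
import math
from collections import defaultdict
from dataclasses import dataclass

PREFIX_LEN = 24  # assumed boundary between network and host portions (/24)


@dataclass(frozen=True)
class Session:
    t: float   # seconds since the start of the monitoring window
    src: str   # sender IPv4 address
    dst: str   # receiver IPv4 address


def split_ip(ip, prefix_len=PREFIX_LEN):
    """Split an IPv4 address into (network portion, host portion) as integers."""
    value = int(ipaddress.IPv4Address(ip))
    host_bits = 32 - prefix_len
    return value >> host_bits, value & ((1 << host_bits) - 1)


def network_angles(sessions, prefix_len=PREFIX_LEN):
    """Give every distinct destination network seen in the window its own angle.

    Assumption: networks are spread evenly around the cylinder in address
    order, so neighbouring /24s stay visually apart.
    """
    nets = sorted({split_ip(s.dst, prefix_len)[0] for s in sessions})
    return {net: 2 * math.pi * i / len(nets) for i, net in enumerate(nets)}


def to_cylindrical(session, t_max, angles, prefix_len=PREFIX_LEN):
    """Return (r, theta, z): r in [0, 1] is time, theta is the network, z is the host."""
    net, host = split_ip(session.dst, prefix_len)
    r = session.t / t_max
    theta = angles[net]
    z = host / ((1 << (32 - prefix_len)) - 1)
    return r, theta, z


def to_cartesian(point):
    """Convert (r, theta, z) to (x, y, z) for a 3D plotting library."""
    r, theta, z = point
    return r * math.cos(theta), r * math.sin(theta), z


def vertical_streaks(sessions, bin_seconds=60.0, min_hosts=8, prefix_len=PREFIX_LEN):
    """Find (time bin, src, dst network) triples whose points form a vertical line.

    In the cylinder such a triple is one ring (time bin) at one angle (network)
    with many distinct heights (hosts): the signature of a host sweep.
    Returns {key: number of distinct destination hosts} for flagged triples.
    """
    hosts = defaultdict(set)
    for s in sessions:
        net, host = split_ip(s.dst, prefix_len)
        hosts[(int(s.t // bin_seconds), s.src, net)].add(host)
    return {k: len(v) for k, v in hosts.items() if len(v) >= min_hosts}


# Constructed sample: three ordinary sessions plus one host sweeping 192.168.1.0/24
SAMPLE_SESSIONS = [
    Session(10.0, "10.0.0.7", "192.168.1.10"),
    Session(35.0, "10.0.0.8", "192.168.2.20"),
    Session(70.0, "10.0.0.7", "192.168.2.21"),
] + [Session(100.0 + 0.5 * i, "10.0.0.5", f"192.168.1.{i}") for i in range(1, 21)]


def scan_report(sessions=SAMPLE_SESSIONS):
    """Sorted list of flagged streaks, e.g. [((1, '10.0.0.5', 12625921), 20)]."""
    return sorted(vertical_streaks(sessions).items())


if __name__ == "__main__":
    angles = network_angles(SAMPLE_SESSIONS)
    t_max = max(s.t for s in SAMPLE_SESSIONS)
    for s in SAMPLE_SESSIONS[:3]:
        print(s, to_cartesian(to_cylindrical(s, t_max, angles)))
    for (bin_idx, src, net), n in scan_report():
        print(f"time bin {bin_idx}: {src} touched {n} hosts in network {net:#x}")
```

Feeding the Cartesian points to any 3D scatter plot gives the cylinder view; the sweep appears as a column of twenty points on one ring, while the ordinary sessions are isolated dots. The streak check is deliberately simple (distinct hosts per source, network and time bin) so that what the picture shows and what the detector flags are the same thing.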

Keywords

  15. T. Nunnally, K. Abdullah, A. Uluagac, J. Copeland & R. Beyah. (2013, Oct.). NAVSEC : A Recommender System for 3D Network Security Visualizations. Tenth Workshop on Visualization for Cyber Security. (pp. 41-48). Atlanta GA, USA.