http://dx.doi.org/10.13089/JKIISC.2009.19.3.107

An Efficient Method for Analyzing Network Security Situation Using Visualization  

Jeong, Chi-Yoon (Electronics and Telecommunications Research Institute)
Sohn, Seon-Gyoung (Electronics and Telecommunications Research Institute)
Chang, Beom-Hwan (Electronics and Telecommunications Research Institute)
Na, Jung-Chan (Electronics and Telecommunications Research Institute)
Abstract
Network administrators recognize abnormal phenomena in the managed network by using the alert messages generated by security devices such as intrusion detection systems, intrusion prevention systems, and firewalls. A series of tasks is then required, searching for the traffic related to the alert message and analyzing that traffic data, to determine whether the abnormal phenomenon is a real network security threat or not. There are many alert messages that have to be inspected in order to determine the network security situation, and existing methods require much time for the network administrator to analyze the security condition. Therefore, in this paper, we propose an efficient method for analyzing the network security situation using visualization. The proposed method monitors anomalies occurring in the entire IP address space and displays the detailed information of a security event. In addition, it represents the physical locations of the attackers or victims by linking GIS information with IP addresses. Therefore, it helps the network administrator rapidly analyze the security status of the managed network.
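As an added example (not the paper's own implementation), the following Python sketch shows the two ideas the abstract describes: aggregating alerts over the whole IPv4 address space into a grid of /16 cells, with the detailed events kept behind each cell for drill-down, and linking source addresses to physical locations through a prefix-keyed GIS table. The alerts and the geo table are constructed sample data, and the table stands in for a GeoIP-style database.

```python
"""Added example (not the paper's own code): aggregate IDS alerts over the
whole IPv4 address space and attach a physical location to the top sources."""
import ipaddress
from collections import Counter, defaultdict

# Constructed sample alerts: (source IP, destination IP, signature)
ALERTS = [
    ("203.0.113.7", "10.0.0.5", "SCAN nmap"),
    ("203.0.113.7", "10.0.0.6", "SCAN nmap"),
    ("203.0.113.9", "10.0.0.5", "SCAN nmap"),
    ("198.51.100.20", "10.0.0.80", "WEB-ATTACK sqli"),
    ("192.0.2.1", "10.0.0.80", "WEB-ATTACK sqli"),
]

# Constructed GIS table keyed by prefix (stand-in for a GeoIP-style database)
GEO_TABLE = {
    "203.0.113.0/24": ("Seoul", 37.57, 126.98),
    "198.51.100.0/24": ("Frankfurt", 50.11, 8.68),
}

def grid_cell(ip):
    """Map an IPv4 address to a cell of a 256x256 grid covering the whole
    address space: row = first octet, column = second octet (one cell per /16)."""
    a, b, _, _ = (int(o) for o in ip.split("."))
    return a, b

def aggregate(alerts):
    """Count alerts per /16 cell for the overview display and keep the detailed
    alerts behind each cell so an operator can drill down to the events."""
    counts = Counter()
    detail = defaultdict(list)
    for src, dst, sig in alerts:
        cell = grid_cell(src)
        counts[cell] += 1
        detail[cell].append((src, dst, sig))
    return counts, detail

def locate(ip):
    """Resolve an IP to (city, lat, lon) via the GIS table, or None if unknown."""
    addr = ipaddress.ip_address(ip)
    for prefix, loc in GEO_TABLE.items():
        if addr in ipaddress.ip_network(prefix):
            return loc
    return None

def top_sources(alerts, n=2):
    """Rank source addresses by alert count and attach their physical location."""
    by_src = Counter(src for src, _, _ in alerts)
    return [(src, cnt, locate(src)) for src, cnt in by_src.most_common(n)]
```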
Keywords
Information visualization; Security visualization; Network monitoring; Network situation awareness