http://dx.doi.org/10.13089/JKIISC.2020.30.4.693

FDANT-PCSV: Fast Detection of Abnormal Network Traffic Using Parallel Coordinates and Sankey Visualization  

Han, Ki hun (Korea University)
Kim, Huy Kang (Korea University)
Abstract
As a company's network grows and the number of deployed security systems increases, it becomes hard to quickly detect abnormal traffic among the huge volume of events those security systems generate. In this paper, we propose a traffic visualization analysis system, FDANT-PCSV, that can detect and analyze the security events of information security systems such as firewalls in real time. FDANT-PCSV consists of a Parallel Coordinates visualization built on five factors from the security events (source IP, destination IP, destination port, packet length, processing status) and a Sankey visualization built on four factors (source IP, destination IP, number of events, data size). In addition, the use of a big-data-based SIEM enables real-time detection of network attacks and network-failure traffic from both the Internet and the intranet. FDANT-PCSV enables cyber security officers and network administrators to quickly and easily detect abnormal network traffic and respond promptly to network threats.
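The two data shapings the abstract describes, as an added Python example that is not code from the paper: constructed firewall events are projected onto the five parallel-coordinates axes, aggregated into source-to-destination Sankey links weighted by event count and bytes, and a simple fan-out check flags the port-scan shape such a view makes visible (one source spreading to many destination ports, mostly dropped). The sample events, the axis scaling (evenly spaced categories, min-max for numbers) and the fan-out thresholds are assumptions of this example, not values from the paper.

```python
from collections import defaultdict

# Constructed sample firewall events for this example (not data from the paper).
# Each record carries the five parallel-coordinates factors the abstract names:
# source IP, destination IP, destination port, packet length, processing status.
SAMPLE_EVENTS = [
    {"src": "10.0.0.5", "dst": "192.168.1.10", "dport": 443, "length": 1500, "status": "ACCEPT"},
    {"src": "10.0.0.6", "dst": "192.168.1.10", "dport": 443, "length": 900, "status": "ACCEPT"},
    {"src": "10.0.0.5", "dst": "192.168.1.20", "dport": 80, "length": 600, "status": "ACCEPT"},
] + [
    # One external host probing seven ports on one server, every packet dropped.
    {"src": "203.0.113.7", "dst": "192.168.1.10", "dport": p, "length": 60, "status": "DROP"}
    for p in (21, 22, 23, 25, 80, 110, 443)
]

PC_AXES = ("src", "dst", "dport", "length", "status")
CATEGORICAL = {"src", "dst", "status"}


def parallel_coordinates(events, axes=PC_AXES):
    """Shape events for a parallel-coordinates plot.

    Returns (axis_scales, polylines). Each polyline is one event: a list with one
    value in [0, 1] per axis. Categorical axes (IPs, status) get evenly spaced
    positions over their sorted distinct values; numeric axes are min-max scaled.
    (Scaling choice is an assumption of this example.)
    """
    scales = {}
    for ax in axes:
        values = sorted({e[ax] for e in events})
        if ax in CATEGORICAL:
            n = len(values)
            scales[ax] = {v: (i / (n - 1) if n > 1 else 0.0) for i, v in enumerate(values)}
        else:
            lo, hi = values[0], values[-1]
            scales[ax] = {v: ((v - lo) / (hi - lo) if hi > lo else 0.0) for v in values}
    polylines = [[scales[ax][e[ax]] for ax in axes] for e in events]
    return scales, polylines


def sankey_links(events):
    """Aggregate events into source -> destination links carrying the two Sankey
    weights the abstract names: number of events and data size (bytes)."""
    links = defaultdict(lambda: {"events": 0, "bytes": 0})
    for e in events:
        link = links[(e["src"], e["dst"])]
        link["events"] += 1
        link["bytes"] += e["length"]
    return dict(links)


def flag_fan_out(events, min_ports=5, min_drop_ratio=0.8):
    """Flag sources whose polylines fan out from one source-IP position to many
    destination-port positions while mostly ending at DROP: the shape a port scan
    draws on the parallel-coordinates view. Thresholds are assumptions for this
    example, not values from the paper."""
    ports = defaultdict(set)
    drops = defaultdict(lambda: [0, 0])  # src -> [dropped, total]
    for e in events:
        ports[e["src"]].add(e["dport"])
        drops[e["src"]][1] += 1
        if e["status"] == "DROP":
            drops[e["src"]][0] += 1
    flagged = {}
    for src, pset in ports.items():
        dropped, total = drops[src]
        ratio = dropped / total
        if len(pset) >= min_ports and ratio >= min_drop_ratio:
            flagged[src] = {"ports": len(pset), "drop_ratio": ratio}
    return flagged


if __name__ == "__main__":
    _, lines = parallel_coordinates(SAMPLE_EVENTS)
    print(f"{len(lines)} polylines across {len(PC_AXES)} axes")
    for (src, dst), w in sankey_links(SAMPLE_EVENTS).items():
        print(f"{src} -> {dst}: {w['events']} events, {w['bytes']} bytes")
    print("flagged:", flag_fan_out(SAMPLE_EVENTS))
```

On the Sankey side the same scanner shows up as a single thick link (many events, few bytes) next to the thin, byte-heavy links of normal sessions, which is the contrast an operator reads off the flow diagram; the parallel-coordinates polylines show where those events go (which ports, which status), so the two views complement each other rather than repeat each other.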
Keywords
abnormal network traffic; parallel coordinates; sankey; detection; visualization;