http://dx.doi.org/10.15207/JKCS.2019.10.12.017

Visualization of network traffic attack using time series radial axis and cylindrical coordinate system  

Chang, Beom-Hwan (Division of Computer, Howon University)
Choi, Younsung (Division of Computer, Howon University)
Publication Information
Journal of the Korea Convergence Society / v.10, no.12, 2019, pp. 17-22
Abstract
Network attack analysis and visualization methods that use network traffic session data detect network anomalies by visualizing the sender's and receiver's IP addresses and the relationship between them. Traffic flow is a critical feature in detecting anomalies, but simply visualizing the source and destination IP addresses symmetrically, top-to-bottom or left-to-right, becomes a problem for the analysis. There is also a risk of losing timely awareness of the security situation when a visualization interface is designed without considering the temporal characteristics of time-series traffic sessions. In this paper, we propose a visualization interface and analysis method that visualizes time-series traffic data on a radial axis, divides IP addresses into network and host portions, and projects them onto a cylindrical coordinate system so that network attacks can be monitored effectively. The proposed method has the advantage of making network attacks intuitively recognizable and of identifying attack activity over time.
Keywords
Network Security; Network Traffic Visualization; Network Attack Monitoring; Managed Security;
Citations & Related Records
Times Cited By KSCI: 3