Siming Chen, Cong Guo, Xiaoru Yuan, Fabian Merkle, Hanna Schaefer, Thomas Ertl

2014-11-10

Abstract:Visualization and interactive analysis can help network administrators and security analysts analyze the network flow and log data. The complexity of such an analysis requires a combination of knowledge and experience from more domain experts to solve difficult problems faster and with higher reliability. We developed an online visual analysis system called OCEANS to address this topic by allowing close collaboration among security analysts to create deeper insights in detecting network events. Loading the heterogeneous data source (netflow, IPS log and host status log), OCEANS provides a multi-level visualization showing temporal overview, IP connections and detailed connections. Participants can submit their findings through the visual interface and refer to others' existing findings. Users can gain inspiration from each other and collaborate on finding subtle events and targeting multi-phase attacks. Our …

Ying ZHAO,Xiaoping FAN,Fangfang ZHOU,Wei HUANG,Mengjiao TANG

DOI: https://doi.org/10.3778/j.issn.1673-9418.1312039

2014-01-01

Abstract:Network security visualization is a growing community of network security research in recent years. It provides the human security analysts with better tools to discover patterns, detect anomalies, identify correlations of security events with higher efficiency. To meet the demand of cooperative visual analytics on large-scale network and multi-source data, this paper develops a data fusion model based on the even tuple and statistics tuple within uni-form data formats, raises a design strategy including the radial graph that is good at parsing events correlations and comparative stacked stream that is good at comparing statistics time series, explores the automated deployment method based on network logic topology and edge bundling method in radial graph. Finally by utilizing the pro-posed prototype system to analyze network security datasets in VAST Challenge 2013 and conducting some experi-ments and discussions, the effectiveness of tools is verified and substantiated.

Li Zheng,Gang Yu,Yuntian Zheng

DOI: https://doi.org/10.1007/s11265-023-01836-0

2023-02-01

Journal of Signal Processing Systems

Abstract:Data visualization is an important approach for data analysis, which can reveal the patterns and characteristics of complex datasets through visual processing, and provide aid for data analysts. In recent years, with the expansion of Internet users and the rich diversity of various Internet applications, the importance of network security is increasing. In the field of network security data analysis, it is a developing direction to use data visualization methods and visual analysis tools to assist manual analysis. In this paper, a visualization system for network security data is designed and implemented, which is mainly based on network flow records and security policies. The node centrality measurement and high-dimensional data visualization methods are comprehensively applied, and an interactive visualization approach is proposed. The IP topology is presented in three different view modes: static analysis, temporal analysis and exploration analysis. In addition, the high-dimensional projection map takes flow, security policy and IP address as analysis objects and selects several dimensional features as indicators. After visual presentation, the distribution of the stream set and IP set contained in the record after projection in the selected dimension space can be obtained, so that the analyst can find the points with significant abnormal eigenvalue distribution, and deduce the possible situation based on this. After testing, the system can accept the new original data record file, and quickly generate the corresponding visualization content, which can be used for the visualization analysis of network security optimization tool software, and has been used in the actual system.

computer science, information systems,engineering, electrical & electronic

Sheng Zhang,Ronghua Shi,Jue Zhao

DOI: https://doi.org/10.3837/tiis.2016.06.019

2016-01-01

KSII Transactions on Internet and Information Systems

Abstract:Owing to their low scalability, weak support on big data, insufficient data collaborative analysis and inadequate situational awareness, the traditional methods fail to meet the needs of the security data analysis. This paper proposes visualization methods to fuse the multi-source security data and grasp the network situation. Firstly, data sources are classified at their collection positions, with the objects of security data taken from three different layers. Secondly, the Heatmap is adopted to show host status; the Treemap is used to visualize Netflow logs; and the radial Node-link diagram is employed to express IPS logs. Finally, the Labeled Treemap is invented to make a fusion at data-level and the Time-series features are extracted to fuse data at feature-level. The comparative analyses with the prize-winning works prove this method enjoying substantial advantages for network analysts to facilitate data feature fusion, better understand network security situation with a unified, convenient and accurate mode.

Fangfang Zhou,Ronghua Shi,Ying Zhao,Yezi Huang,Xing Liang

DOI: https://doi.org/10.1007/978-3-319-03584-0_30

2013-01-01

Abstract:Situational awareness is defined as the ability to effectively determine an overall computer network status based on relationships between security events in multiple dimensions. Unfortunately, as the lack of tools to synthetically analyze the security logs generated by kinds of network security products, such as NetFlow, Firewall and Host Security, it is difficult to monitor and perceive network security situational awareness. Information visualization allows users to discover and analyze large amounts of information through visual exploration and interaction efficiently. Even with the aid of visualization, identifying the attack patterns from big multi-source data and recognizing the abnormal from visual clutter are still challenges. In this paper, a novel visualization system, NetSecRadar, is proposed for network security situational awareness based on multi-source logs, which can monitor the network and perceive the overall view of the security situation by using radial graph. NetSecRadar utilizes a hierarchical force-directed graph layout for arrangement of thousands of hosts to better use the available screen space, and provides the method to quantify the dangerous levels of the security events, and finds the correlations of security events generated by multi-source logs and perceives the patterns of abnormal in situational awareness, and synthesizes interactions, filtering and drill-down to understand the detail information. To demonstrate the system’s capabilities, we utilize the VAST Challenge 2013 as case study.

Tao Zhang,Qi Liao,Lei Shi

DOI: https://doi.org/10.1109/PacificVis.2014.22

2014-01-01

Abstract:Large-scale networks have become increasingly challenging to manage. It is vital for a system administrator or network manager to be able to analyze the vast amount of log data in order to detect suspicious behaviors or patterns, possibly due to malicious users/applications or faulty devices. While an intrusion detection system (IDS) log can provide a large number of warnings, exactly which alarms are true while the others are false, and more importantly what are the underlying causes are still difficult to know. To bridge the gap between network log and anomaly discovery, we design and implement a visualization tool that combines multiple commodity visualizations with minimum learning curve. While each individual view is well understood, the effects of such views in analyzing network anomalies are not well studied. Since each visualization technique has advantages as well as limitations in addressing a particular task, we show that these views, when combined and linked together, may provide an effective and lightweight network anomaly analysis tool. The web-based open platform may simplify network administration as well as promote collaborative analysis among researchers.

Zhong Zengsheng,Zhao Ying,Shi Ronghua,Sheng Yingshuai,Liu Junrong,Meng Hua,Lin Dan

DOI: https://doi.org/10.1049/cje.2017.09.021

IF: 1.019

2018-01-01

Chinese Journal of Electronics

Abstract:Based on a university's practice in upgrading its network management platform, presents a visual analytic system which integrates network topological space, IP space and network geographical space into a collaborative solution to help network administrators address difficulties in locating end user and troubleshooting. Throughout the development cycle, we worked alongside with users to clarify their actual demands and habitual operations through scenario application, interviews and a variety of evaluation. This user-centered approach guides us step by step to apply cyber security visualization and visual analytic technology to actual use.

Ju Fan,Jiarong Qiu,Yuchen Li,Qingfei Meng,Dongxiang Zhang,Guoliang Li,Kian-Lee Tan,Xiaoyong Du

DOI: https://doi.org/10.1109/icde.2018.00178

2018-01-01

Abstract:The wide adoption of social networks has brought a new demand on influence analysis. This paper presents OCTOPUS that offers social network users and analysts valuable insights through topic-aware social influence analysis services. OCTOPUS has the following novel features. First, OCTOPUS provides a user-friendly interface that allows users to employ simple and easy-to-use keywords to perform influence analysis. Second, OCTOPUS provides three powerful keyword-based topic-aware influence analysis tools: keyword-based influential user discovery, personalized influential keywords suggestion, and interactive influential paths exploration. These tools can not only discover influential users, but also provide insights on how the users influence the network. Third, OCTOPUS enables online influence analysis, which provides end-users with instant results. We have implemented and deployed OCTOPUS, and demonstrate its usability and efficiency on two social networks.

Peggy Li,Yi Chao,Quoc Vu,Zhijin Li,John Farrara,Hongchun Zhang,Xiaochun Wang

DOI: https://doi.org/10.1109/oceans.2006.306858

2006-01-01

Abstract:OurOcean (http://ourocean.jpl.nasa.gov) is a web portal developed in JPL to enable users to easily access ocean science data, run data assimilation models, and visualize both data and models. Currently, OurOcean provides both real-time and retrospective analysis of observation data and ocean model simulations in the Pacific Ocean. We are particularly interested in the U.S. West Coastal Ocean with focused areas around Southern California, Central and Northern California, and Prince William Sound in Alaska. OurOcean serves four primary functions: 1) Retrieve, process, and archive real-time in-situ and satellite observation data and model outputs from distributed sources. 2) Produce value-added products by combining multiple data sources. 3) Supply various methods to access and visualize the data and model output. 4) Provide on-demand modeling capability for user to configure his/her own ocean model, submit and monitor the job status, and finally retrieve and visualize the model output. In this paper, we will present the infrastructure of the OurOcean portal, the architecture of the four servers and its underlined technologies. We will also discuss some state-of-the-art web technologies and computing technologies to be incorporated in OurOcean for interactive visualization and on-demand modeling.

Xie Cui,Song Jian,Dong Junyu

DOI: https://doi.org/10.1007/s12650-021-00774-y

IF: 1.7

2021-01-01

Journal of Visualization

Abstract:We present a novel integrated visualization system that enables interactive visual analysis of sea-surface temperature fronts near China sea. The occurrences and locations of fronts are identified by adjustable temperature gradient thresholds and real-time visual evaluations with an interactive interface. Then, we derive object-level features to characterize fronts and design multiple coordinated views for interactive exploring of fronts’ features (geographical distribution, the area, the intensity, the temporal trend and spatial state measurements) in both spatial and temporal domain to discover the various characteristics of SST fronts. Moreover, we integrate self-organizing map into the system for automatically clustering multiple fronts, design the novel composite U-matrix and component plane to evaluate the clustering outputs and allowing manually adjust the clusters affiliation by directly dragging and dropping nodes on an expandable tree. With the collaborative display of sequence-view, parallel coordinate plot and geographical map, the characteristics of similarities and differences between front clusters can be easily discovered. Finally, we present case studies highlighting the effectiveness of the system.

Jian Huang,Yingmei Wei,Xiaolei Du

DOI: https://doi.org/10.1109/icbda.2016.7509824

2016-01-01

Abstract:The enormous growth of data in the last decades led to big data challenge in the network security field. Traditional visual analysis method for large-scale network exploration is inadequate. Efficient methods for visual clutter reduction, network structure exploration and network behavior detection are needed. In this paper, we propose two methods: Enhanced Histogram Brush (EHB) and Flow-based Fast Newman (FFN) algorithm aim to assist the visual analysis task in large-scale network exploration. The EHB is a novel improvement in Parallel Coordinates to guide exploratory interactions especially for big data. The FFN algorithm can efficiently discover the network hierarchy and extremely reduce the visual clutter in the network layout. A visual analysis tool PCNET is designed and implemented on the basis of these two novel methods. PCNET is capable of visually analyzing vast amounts of network data. To better describe and demonstrate the usefulness and performance of PCNET, we utilize the ChinaVis2015 Challenge dataset as a case study.

Hanning Zhao,Bilhanan Silverajan

DOI: https://doi.org/10.1007/978-3-030-60816-3_23

2020-01-01

Abstract:Increasing cyberattacks in the maritime industry have highlighted the need for innovative approaches for effective cybersecurity responses. Considering the multiple stakeholders involved in maritime, collaboration and information sharing are essential for responding to cyber incidents and mitigation. However operational cybersecurity awareness is currently very low. This short paper presents the ongoing development of a dynamic security visualization platform for operational maritime cybersecurity. The platform can flexibly support collaboration among multiple stakeholders in the port ecosystem, while introducing multiple security roles to increase situational awareness. It also provides interfaces for communication among these roles as well as offering composable visualization widgets that can be customized to user needs.

ST Teoh,KL Ma,SF Wu,D Massey,XL Zhao,D Pei,L Wang,LX Zhang,R Bush

DOI: https://doi.org/10.1007/978-3-540-39671-0_14

2003-01-01

Abstract:To complement machine intelligence in anomaly event analysis and correlation, in this paper, we investigate the possibility of a human-interactive visual-based anomaly detection system for faults and security attacks related to the BGP (Border Gateway Protocol) routing protocol. In particular, we have built and tested a program, based on fairly simple information visualization techniques, to navigate interactively real-life BGP OASC (Origin AS Change) events. Our initial experience demonstrates that the integration of mechanical analysis and human intelligence can effectively improve the performance of anomaly detection and alert correlation. Furthermore, while a traditional representation of OASC events provides either little or no valuable information, our program can accurately identify, correlate previously unknown BGP/OASC problems, and provide network operators with a valuable high-level abstraction about the dynamics of BGP.

M D Poat,J Lauret,D Fedele

DOI: https://doi.org/10.1088/1742-6596/2438/1/012040

2023-02-17

Journal of Physics: Conference Series

Abstract:A difficult aspect of cyber security is the ability to achieve automated real time intrusion prevention across various sets of systems. To this extent, several companies are offering comprehensive solutions that leverage an "accuracy of scale" and moving much of the intelligence and detection on the Cloud, relying on an ever-growing set of data and analytics to increase decision accuracy. Often, they provide tools to visualize the decision workflows in attack prevention (as well as tune the algorithm) but those solutions are not always practical as companies see the problem as "global" that is, from a unified Cyber-security standpoint. However, a key to a successful Cyber-security program is transparency and trust: from an experimental team viewpoint, this specifically means having the ability to immediately see what and from where, who has been blocked and being able to inform the community in case of a revoked access without the need for filing a "ticket" (that may eventually be answered) – in other words, rapid response to their user-base is essential but solutions targeting "sub-groups" in an organization are not often available. We have come up with a versatile solution leveraging the ELK stack (Elasticsearch, Logstash, & Kibana) and an IPS (Intrusion Prevention System) based WAF (Web Application Firewall) from Signal Sciences. Signal Science allows the streaming of detailed logs in a Logstash format suitable for custom solutions for visualization. By combining these two tools, we have strengthened our security posture and enabled individual experiments to monitor their own traffic. Specifically, the IPS WAF provides unique data such as country of origin, protocol, response code, source IP, and paths accessed. In this contribution, we will show how we engineered a visualization solution so experiment groups could access a dashboard with predefined graphs but also, where they can create individual customizable dashboards used to display blocked traffic and troubleshoot latency issues. We will discuss the details and procedures for developing and configuring these tools and how it benefits cyber security postures across our scientific based environment.

English Else

ZHANG Haocheng,WU Xiaojie,TANG Xiang,SHU Runxuan,DING Tianchen,DONG Xiaoju

DOI: https://doi.org/10.11959/j.issn.2096-109x.2018015

2018-01-01

Abstract:With the fast development of information technology and computer network, the scale and complexity of network security data grows rapidly. Traditional visualization techniques are no longer suitable. In addition, it designs interactive functions based on the feature of network security analysis, in order to assist the network security analyst. The existing approaches for network security visualization have some defects, which fail to provide a good indication of network security data in terms of timing and also fail to display information completely and realize user-friendly interaction. A multi-view network security visualization system was proposed, which provided the analysts of both the static status and dynamic changes of the network by combining the force-oriented model and the staged animation. It provides comprehensive information with display and filter of protocols, IP segment and port. The system on Shanghai Network database were evaluated.

Ying Zhao,Xing Liang,Xiaoping Fan,Yiwen Wang,Mengjie Yang,Fangfang Zhou

DOI: https://doi.org/10.1007/s12650-014-0213-6

IF: 1.7

2014-01-01

Journal of Visualization

Abstract:In this article, we present a visual analytics system, MVSec, which helps analysts understand better what information flows under network security datasets. The major contributions of this work include: (1) a data fusion strategy for multiple heterogeneous datasets by using unified event tuple and statistic tuple data structure, which compress large scale datasets and lays the foundation of cooperative visual analysis; (2) multiple coordinated views, which provide analysts with multiple visual perspectives to characterize loud events, dig out subtle events and investigate relations of events in datasets; and (3) a contextual visual analysis with deductive viewpoints, which inspires analysts to explore hypotheses and reason their deductions from visual narratives. In case studies, we demonstrate in detail how the system helps analysts draw an analytical storyline and understand network situations better in VAST Challenge 2013. Additionally, we discuss lessons learned in designing our system and participating in VAST Challenge 2013, which is helpful and applicable not only to similar network security systems but also to other domains facing visual analytics challenges.

Kuai Xu,Feng Wang,Richard Egli,Aaron Fives,Russell Howell,Odayne Mcintyre

DOI: https://doi.org/10.1007/978-3-319-07782-6_29

2014-01-01

Abstract:Securing and managing home networks has recently become an increasingly challenging task due to the rapid growth of devices, applications and traffic in these networks. This paper presents a novel object-oriented big data security analytics for making sense of traffic data collection from home networks. We extract the source IP addresses from unwanted traffic towards real home networks as objects of interest, and subsequently characterize these objects with heterogeneous and streaming data sources including intrusion detection logs provided from distributed firewalls, Internet routing table snapshots from BGP routers, active probing results from open DNS resolver scanning, and IP-to-geographical mapping database. Our preliminary results have revealed a number of important findings and correlations on the objects of interests from these diverse and massive data-sets. To the best of our knowledge, this position paper is the first effort to introduce object-oriented perspective to perform security analytics on home network traffic.

Cui Xie,Mingkui Li,Haoying Wang,Junyu Dong

DOI: https://doi.org/10.1016/j.visinf.2019.08.001

2019-01-01

Visual Informatics

Abstract:A major challenge in analysis of huge amounts of ocean data is the complexity of the data and the inherent complexity of ocean dynamic processes. Interactive visual analysis serves as an efficient complementary approach for the detection of various phenomena or patterns, and correlation exploring or comparing multiple variables in researchers daily work. Firstly, this paper presents a basic concept of the ocean data produced from numerous measurement devices or computer simulations. The characteristics of ocean data and the related data processing techniques are also described. Secondly, the main tasks of ocean data analysis are introduced. Based on the main analysis tasks in the field of oceanography, the survey emphasizes related interactive visualization techniques and tools from four aspects: visualization of multiple ocean environmental elements and multivariate analysis, ocean phenomena identification and tracking, patterns or correlation discovery, ensembles and uncertainties exploration. Finally, the opportunities are discussed for future studies.

Bin YUAN,Deqing ZOU,Hai JIN

DOI: https://doi.org/10.19363/j.cnki.cn10-1380/tn.2016.03.002

2016-01-01

Abstract:The developing of Internet techniques has brought many convenience into our daily life, such as on-line shop-ping, on-line entertainment, social network, etc. However, cyber-attack and cyber-crime have also become more and more common since Internet provides so many potential profits, which makes cyber security more and more important. Unfor-tunately, traditional cyber security approaches, such as firewall, IDS and IPS, are not efficient because they lack the feature of intelligence, dynamic nature and global view. As such, network security visualization is proposed. Visualization is not only efficient but also very effective at communicating information. Based on the analysis of network data, network secu-rity visualization transfers the invisible, unexpressed and abstract network data into visual images to provide a high-level view of security events to analysts for more timely and informed decisions. Visualization brings revolution to the network security research area and has developed very fast. In this paper, we provide a thorough survey of network security visu-alization, categorizing the related work based on the type of network data (since network data is the basis of network security visualization). Further, we analyze the issues and challenges regarding network security visualization and provide guidelines and directions for future work.

Kristin Glass,Richard Colbaugh

DOI: https://doi.org/10.48550/arXiv.1212.6810

2012-12-31

Abstract:An enormous volume of security-relevant information is present on the Web, for instance in the content produced each day by millions of bloggers worldwide, but discovering and making sense of these data is very challenging. This paper considers the problem of exploring and analyzing the Web to realize three fundamental objectives: 1.) security relevant information discovery; 2.) target situational awareness, typically by making (near) real-time inferences concerning events and activities from available observations; and 3.) predictive analysis, to include providing early warning for crises and forming predictions regarding likely outcomes of emerging issues and contemplated interventions. The proposed approach involves collecting and integrating three types of Web data, textual, relational, and temporal, to perform assessments and generate insights that would be difficult or impossible to obtain using standard methods. We demonstrate the efficacy of the framework by summarizing a number of successful real-world deployments of the methodology.

Social and Information Networks,Physics and Society