Network Traffic Visualization
Networks are getting bigger, viruses and trojans are getting more common, and
hackers are not quieting down. Keeping track of the status of an
institution's network is a challenge, even with, or because of, automated
intrusion detection mechanisms.
This work looks at visualizing certain aspects of a network's
traffic to help the administrator find intrusions or, more generally,
unusual activity.
Automated intrusion detection systems like Snort have gotten
very sensitive to many different kinds of attacks. So sensitive, in fact,
that they generate so many false alarms that the real alarms are drowned
in a sea of false messages.
To help a system administrator get a better idea of what's normal on his
system and what's not, we have developed a number of 3D visualizations
that show network traffic to and from certain hosts as well as alerts
associated with external and/or internal hosts. These run interactively
and give the administrator a snapshot of the current state of his system.
The goal is to design these visualizations in a way that makes attacks
stand out visually; some examples can be seen in the snapshots on
the right above.
This is a pretty promising field that is just at the beginning.
There are a lot of things that can be done; please contact me if you're interested in this.
- Started: 2004-08-01
- Ended: 2005-05-15
- Past Students: Adam Oline
- Paper: Oline, Adam, Reiners, Dirk. Exploring three-dimensional visualization for intrusion detection. In Visualization for Computer Security, 2005. (VizSEC 05). IEEE Workshop on