Abstract
Distributed Denial-Of-Service (DDoS) is a common network attack where multiple computers attempt to disable a single system with overwhelming network traffic. Various data visualization methods have been developed to help explain, analyze, and deal with DDoS attacks. However, most of the existing visualization methods do not effectively present the temporal aspect of the DDoS attack data. In this paper, we present a novel DDoS visualization technique, NetTimeView, that applies spatio-temporal data visualization to DDoS data. This technique integrates network traffic data and temporal data in a single view. Its multi-layered visualization technique is able to handle very large data sets with efficient use of visualization space. This tool is particularly useful for system administrators and network security analysts to conduct network forensic analysis. We demonstrate our method with a case study of a large DDoS data set.
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Shrestha, A., Zhu, Y., Manandhar, K. (2014). NetTimeView: Applying Spatio-temporal Data Visualization Techniques to DDoS Attack Analysis. In: Bebis, G., et al. Advances in Visual Computing. ISVC 2014. Lecture Notes in Computer Science, vol 8887. Springer, Cham. https://doi.org/10.1007/978-3-319-14249-4_34
DOI: https://doi.org/10.1007/978-3-319-14249-4_34
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-14248-7
Online ISBN: 978-3-319-14249-4
eBook Packages: Computer Science, Computer Science (R0)