 |
|
|||
| Authors: | Eduard Glatz |
| Group: | Communication Systems |
| Type: | Inproceedings |
| Title: | Visualizing Host Traffic through Graphs |
| Year: | 2010 |
| Month: | September |
| Pub-Key: | Gla10b |
| Book Titel: | 7th International Symposium on Visualization for Cyber Security (VizSec) |
| Keywords: | Visualization, Network Security |
| Publisher: | ACM |
| Abstract: | Gaining an overview of host activities is hard when a host is busily exchanging hundreds or thousands of flows over a network. This makes investigating traffic of a suspicious host a tedious task for a security analyst. We propose a novel host traffic visualization technique that reduces this cognitive burden by i) representing traffic through an annotated k-partite graph reflecting familiar Berkeley socket model semantics, ii) employing a host role summarization for effective removal of ephemeral traffic features, and iii) providing classification and filtering techniques for unwanted traffic, which are important for identifying the functional role of port numbers and for visualization. We present the open-source tool HAPviewer and demonstrate how it can visualize a large number of flows through a compact and easily interpretable graph. |
| Location: | Ottawa, Ontario, Canada |
| Resources: | [BibTeX] |
