Visualizing Traffic Causality for Analyzing Network Anomalies

Hao Zhang, Maoyuan Sun, Danfeng (Daphne) Yao, Chris North
2015 Proceedings of the 2015 ACM International Workshop on International Workshop on Security and Privacy Analytics - IWSPA '15  
Monitoring network traffic and detecting anomalies are essential tasks that are carried out routinely by security analysts. The sheer volume of network requests often makes it difficult to detect attacks and pinpoint their causes. We design and develop a tool to visually represent the causal relations for network requests. The traffic causality information enables one to reason about the legitimacy and normalcy of observed network events. Our tool, with a special visual locality property, supports different levels of visual-based querying and reasoning required for the sensemaking process on complex network data. Leveraging their domain knowledge, security analysts can use our tool to identify abnormal network activities and patterns due to attacks or stealthy malware. We conduct a user study that confirms our tool can enhance the readability and perceptibility of the dependency for host-based network traffic.
doi:10.1145/2713579.2713583 dblp:conf/codaspy/ZhangSYN15 fatcat:yobkjzt2xvgdloe723kvislpcy