Home-centric visualization of network traffic for security administration

Robert Ball, Glenn A. Fink, Chris North
2004 Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security - VizSEC/DMSEC '04  
Today's system administrators, burdened by rapidly increasing network activity, must quickly perceive the security state of their networks, but they often have only text-based tools to work with. These tools often provide no overview to help users grasp the big-picture. Our interviews with administrators have revealed that they need visualization tools; thus, we present VISUAL (Visual Information Security Utility for Administration Live), a network security visualization tool that allows users
more » ... that allows users to see communication patterns between their home (or internal ) networks and external hosts. VI-SUAL is part of our Network Eye security visualization architecture, also described in this paper. We have designed and tested a new computer security visualization that gives a quick overview of current and recent communication patterns in the monitored network to the users. Many tools can detect and show fan-out and fan-in, but VISUAL shows network events graphically, in context. Visualization helps users comprehend the intensity of network events more intuitively than text-based tools can. VI-SUAL provides insight for networks with up to 2,500 home hosts and 10,000 external hosts, shows the relative activity of hosts, displays them in a constant relative position, and reveals the ports and protocols used.
doi:10.1145/1029208.1029217 dblp:conf/vizsec/BallFN04 fatcat:enhgptkft5ecpi7klqrnbgb73i