NetflowVis: A Temporal Visualization System for Netflow Logs Analysis

  • Conference paper
Cooperative Design, Visualization, and Engineering (CDVE 2016)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 9929)

Abstract

Netflow logs record the interactions between host pairs on both sides of the monitored border and have received growing attention from researchers because of security concerns. Such data allows analysts to find interesting patterns and security anomalies. Visual analytics provides interaction and visualization techniques that can support these tasks. In this paper, we present a system called NetflowVis to analyze communication patterns and network abnormalities from netflow logs. The system consists of four views: the communication trajectories view, the traffic line view, the snapshot view and the protocol view. The communication trajectories view is a composite view that dynamically describes the communication trajectories by combining a link-node tree and an improved ThemeRiver. The protocol view, an improved radial view based on an area filling strategy, is designed to display statistical data of the upstream and downstream traffic on different protocols. The system provides a multilevel analysis architecture for netflow cognition. We also present a case study to demonstrate the effectiveness and usefulness of our system.

Author information

Corresponding author

Correspondence to Min Zhu.

Copyright information

© 2016 Springer International Publishing AG

About this paper

Cite this paper

He, L., Tang, B., Zhu, M., Lu, B., Huang, W. (2016). NetflowVis: A Temporal Visualization System for Netflow Logs Analysis. In: Luo, Y. (eds) Cooperative Design, Visualization, and Engineering. CDVE 2016. Lecture Notes in Computer Science, vol 9929. Springer, Cham. https://doi.org/10.1007/978-3-319-46771-9_27

  • DOI: https://doi.org/10.1007/978-3-319-46771-9_27

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-46770-2

  • Online ISBN: 978-3-319-46771-9

  • eBook Packages: Computer Science (R0)