Journal of Visualization, Volume 17, Issue 3, pp 181–196

MVSec: multi-perspective and deductive visual analytics on heterogeneous network security data

  • Ying Zhao
  • Xing Liang
  • Xiaoping Fan
  • Yiwen Wang
  • Mengjie Yang
  • Fangfang Zhou
Regular Paper

Abstract

In this article, we present a visual analytics system, MVSec, which helps analysts better understand the information flows underlying network security datasets. The major contributions of this work are: (1) a data fusion strategy for multiple heterogeneous datasets that uses a unified event tuple and statistic tuple data structure, which compresses large-scale datasets and lays the foundation for cooperative visual analysis; (2) multiple coordinated views, which give analysts several visual perspectives from which to characterize loud events, dig out subtle events and investigate the relations between events in the datasets; and (3) a contextual visual analysis with deductive viewpoints, which prompts analysts to explore hypotheses and reason about their deductions from visual narratives. In the case studies, we demonstrate in detail how the system helps analysts draw an analytical storyline and better understand the network situation in VAST Challenge 2013. Additionally, we discuss the lessons learned in designing our system and participating in VAST Challenge 2013, which are helpful and applicable not only to similar network security systems but also to other domains facing visual analytics challenges.
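As an added illustration (not the paper's code) of the fusion step the abstract describes, the block below maps two constructed, heterogeneous log formats onto one event tuple and then compresses the events into per-bin, per-source statistic tuples. The tuple fields, the two log formats and the 60-second bin are assumptions, not taken from the paper.

```python
"""Fuse heterogeneous security logs into unified event tuples, then compress
them into statistic tuples. Field names and formats are assumptions."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    """Unified event tuple (assumed shape): one record for any source kind."""
    ts: int        # epoch seconds
    src: str       # source address
    dst: str       # destination address
    kind: str      # "flow" or "alert"
    weight: int    # bytes for flows, priority for alerts


def parse_flow(line: str) -> Event:
    # Constructed NetFlow-like CSV: ts,src,dst,dport,bytes
    ts, src, dst, _dport, nbytes = line.split(",")
    return Event(int(ts), src, dst, "flow", int(nbytes))


def parse_alert(line: str) -> Event:
    # Constructed IDS-like record: ts|src|dst|priority|signature
    ts, src, dst, prio, _sig = line.split("|")
    return Event(int(ts), src, dst, "alert", int(prio))


def fuse(flow_lines, alert_lines):
    """Merge both sources into one time-ordered list of event tuples."""
    events = [parse_flow(l) for l in flow_lines]
    events += [parse_alert(l) for l in alert_lines]
    return sorted(events, key=lambda e: e.ts)


def statistic_tuples(events, bin_seconds=60):
    """Compress events into (time bin, src) -> counters: the statistic tuple.
    Loud sources show up via bytes/flows; subtle ones via alerts with few flows."""
    stats = defaultdict(lambda: {"flows": 0, "bytes": 0, "alerts": 0, "max_prio": 0})
    for e in events:
        s = stats[(e.ts - e.ts % bin_seconds, e.src)]
        if e.kind == "flow":
            s["flows"] += 1
            s["bytes"] += e.weight
        else:
            s["alerts"] += 1
            s["max_prio"] = max(s["max_prio"], e.weight)
    return dict(stats)


# Constructed sample input (not real traffic).
FLOWS = ["1000,10.0.0.5,172.16.0.2,80,1200",
         "1010,10.0.0.5,172.16.0.2,443,800",
         "1075,10.0.0.9,172.16.0.2,22,300"]
ALERTS = ["1005|10.0.0.5|172.16.0.2|3|constructed web scan signature",
          "1070|10.0.0.9|172.16.0.2|1|constructed ssh brute force signature"]
```

Each statistic tuple is what a coordinated view would render for one time bin and host, so the raw event list never has to reach the visualisation layer.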

Keywords

Information visualization, Visual analytics, Network security, VAST Challenge

Acknowledgments

This work was supported by National Natural Science Foundation of China (Grant No. 61103108), Hunan Provincial Science and Technology Program (Grant Nos. 2012RS4049), Hunan Provincial Natural Science Foundation of China (Grant No. 12JJ3062), and Postdoc Research Funding in Central South University. The authors would also like to thank the data providers, IEEE VAST Challenge.

Copyright information

© The Visualization Society of Japan 2014

Authors and Affiliations

  • Ying Zhao (1)
  • Xing Liang (1)
  • Xiaoping Fan (1, 2)
  • Yiwen Wang (3)
  • Mengjie Yang (3)
  • Fangfang Zhou (1)
  1. School of Information Science and Engineering, Central South University, Changsha, China
  2. Laboratory of Networked Systems, Hunan University of Finance and Economics, Changsha, China
  3. School of Software, Central South University, Changsha, China