A Survey of Network Traffic Visualization in Detecting Network Security Threats

  • Xiaomei Liu
  • Yong Sun
  • Liang Fang
  • Junpeng Liu
  • Lingjing Yu
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 520)


Analyzing network traffic to detect network security threats has drawn attentions from security researchers for decades. However, the new characteristics of network traffic, such as explosive growth, more diverse attack types and higher dimension, have brought us new challenges. Because of these challenges, traditional detecting technologies like log analysis cannot directly identify threats from traffic in time. Visualization can straightly and quickly display multi-dimensional information of large network traffic. It can be our powerful weapon to meet the challenges. In this paper, we classify the network traffic into four layers. According to different layer, we systematically survey several well-known network traffic visualization systems. Then we analyze the advantages and disadvantages for each system and give out the comparisons. We also introduce the future works for network traffic visualization.


Network traffic Network security Visualization 



This work was supported by The National Science and Technology Support Program (Grant No. 2012BAH46B02); the National Natural Science Foundation (Grant No. 61402464, 61402474).


  1. 1.
    McCormick, B.H., Defanti, T.A., Brown, M.D.: Visualization in scientific computing. Comput. Graphics 21(6), 1103–1109 (1987)Google Scholar
  2. 2.
    Lv, L., Zhang, J., Sun, J., He, P., Sun, L.: Survey of network security visualization techniques. Comput. Appl. 28(8), 1924–1927 (2008)Google Scholar
  3. 3.
    Oetiker, T.: Multi router traffic grapher.
  4. 4.
    Yi, L., Ni, W., Han, Z.: Network traffic statistic analysis and visualization system. Microelectron. Comput. 24(6), 153–155 (2007)Google Scholar
  5. 5.
    Popa, F.: Network traffic visualization. seminar innovative internet-technologien und mobilkommunikation, WS 2008/2009 Institut fr Informatik, Lehrstuhl Netzarchitekturen und Netzdienste Technische Universitt, MnchenGoogle Scholar
  6. 6.
  7. 7.
    Shi, L., Liao, Q., Yang, C.: Investigating network traffic through compressed graph visualization. In: VAST 2012 Mini Challenge 2 Award: Good Adaptation of Graph Analysis Techniques (2012)Google Scholar
  8. 8.
    Lau, S.: The spinning cube of potential doom. Commun. ACM 47(6), 25–26 (2004)CrossRefGoogle Scholar
  9. 9.
    Kim, S.S., Narasimha Reddy, A.L.: NetViewer: a network traffic visualization and analysis tool. In: LISA 2005 Paper, A M University, Texas (2005)Google Scholar
  10. 10.
    McPherson, J., Ma, K.-L., Krystosk, P., Bartoletti, T., Christensen, M.: Portvis: a tool for port-based detection of security events. In: VizSEC/DMSEC 2004 Proceedings of the 2004 ACM Workshop on Visualization and Data Mining for Computer Security, pp. 73–81. ACM Press (2004)Google Scholar
  11. 11.
    Ball, R., Fink, G.A., North, C.: Home-centric visualization of network traffic for security administration. In: VizSEC/DMSEC04 Proceedings of the 2004 ACM Workshop on Visualization and Data Mining for Computer Security, pp. 55–64. ACM Press (2004)Google Scholar
  12. 12.
    Yin, X., Yurcik, W., Li, Y., Lakkaraju, K., Abad, C.: VisFlowConnect: providing security situational awareness by visualizing networks traffic flow. In: Proceedings of the IEEE 2004 (2004)Google Scholar
  13. 13.
    Allen, M., McLachlan, P.: NAV network analysis visualization, University of British Columbia, 29 May 2009Google Scholar
  14. 14.
    Fischer, F., Mansmann, F., Keim, D.A., Pietzko, S., Waldvogel, M.: Large-scale network monitoring for visual analysis of attacks. In: Goodall, J.R., Conti, G., Ma, K.-L. (eds.) VizSec 2008. LNCS, vol. 5210, pp. 111–118. Springer, Heidelberg (2008) CrossRefGoogle Scholar
  15. 15.
    Ren, P., Gao, Y., Li, Z., Chen, Y., Watson, B.: IDGraph: intrusion detection and analysis using stream compositing. IEEE Comput. Graph. Appl. 26, 28–39 (2006)CrossRefGoogle Scholar
  16. 16.
    Bethel, E.W., Campbell, S., Dart, E.: Accelerating network traffic analytics using query-driven visualization. In: IEEE Symposium on Visual Analytics Science and Technology (2006)Google Scholar
  17. 17.
    Xiao, L., Gerth, J., Hanrahan, P.: Enhancing visual analysis of network traffic using knowledge representation. In: Proceedings of the IEEE Symposium on Visual Analytics Science and Technology (2006)Google Scholar
  18. 18.
    Ren, P., Kristoff, J., Gooch, B.: Visualizing DNS traffic. In: VizSEC 2006 Proceedings of the 3rd International Workshop on Visualization for Computer Security, pp. 23–30 (2006)Google Scholar
  19. 19.

Copyright information

© Springer-Verlag Berlin Heidelberg 2015

Authors and Affiliations

  • Xiaomei Liu
    • 1
    • 3
  • Yong Sun
    • 1
    • 3
  • Liang Fang
    • 2
    • 3
  • Junpeng Liu
    • 1
    • 3
  • Lingjing Yu
    • 1
    • 3
  1. 1.Institute of Information EngineeringChinese Academy of ScienceBeijingChina
  2. 2.Beijing University of Posts and TelecommunicationsBeijingChina
  3. 3.National Engineering Laboratory for Information Security TechnologiesBeijingChina

Personalised recommendations