SVision: A Network Host-Centered Anomaly Visualization Technique

  • Iosif-Viorel Onut
  • Bin Zhu
  • Ali A. Ghorbani
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3650)


We proposed a technique merged from a combination of both anomaly and graphical methods, for intrusion detection. The network is pictured as a community of hosts that exchange messages among themselves. Our aim is to graphically highlight those hosts that represent a possible threat for the network, so that a network administrator will be able to further explore the anomaly and decide upon the responses that are appropriate. We choose to test our view against the DARPA 99 intrusion detection and evaluation dataset since it provides labels which we can use to monitor our system. Experiments show our visualization technique as a possible alternative for detection of network intrusions, in particular Denial of Service (DoS) and Distributed-DoS attacks such as Ping Of Death, UDP storm, SSH Process Table, and Smurf, to name a few.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Zhao, C., Mayo, J.: A tcp/udp visualization tool: Visual tcp/udp animator(vta). In: ICEE International Conference on Engineering Education UMIST, Manchester, UK, pp. 18–22 (2002)Google Scholar
  2. 2.
    Q1Labs: Qradar (May 9, 2005 last access),
  3. 3.
    Erbacher, R.F.: Visual traffic monitoring and evaluation. In: Conference on Internet Performance and Control of Network Systems II, Denver, CO, USA, pp. 153–160 (2001)Google Scholar
  4. 4.
    Erbacher, R.F., Frincke, D.: Visual behavior characterization for intrusion and misuse detection. In: SPIE 2001 Conference on Visual Data Exploration and Analysis VIII, San Jose, CA, USA, pp. 210–218 (2001)Google Scholar
  5. 5.
    Erbacher, R.F., Sobylak, K.: Improving intrusion analysis effectiveness. In: Workshop on Computer Forensics, Moscow (2002)Google Scholar
  6. 6.
    Fisk, M., Smith, S., Weber, P., Kothapally, S., Caudell, T.: Immersive network monitoring. In: The Passive and Active MeasurementWorkshop (PAM 2003), SDSC at UC San Diego 9500 Gilman Drive La Jolla, CA 92093-0505 U.S.A. (2003) Google Scholar
  7. 7.
    Nyarko, K., Capers, T., Scott, C., Ladeji-Osias, K.: Network intrusion visualization with niva, an intrusion detection visual analyzer with haptic integration. In: 10th Symposium on Haptic Interfaces for Virtual Environment and Teleoperator Systems, p. 277 (2002)Google Scholar
  8. 8.
    Paxon, V.: Automated packet trace analysis of tcp implementations. In: SIGCOMM, pp. 167–179 (1997)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Iosif-Viorel Onut
    • 1
  • Bin Zhu
    • 1
  • Ali A. Ghorbani
    • 1
  1. 1.Faculty of Computer ScienceUniversity of New Brunswick FrederictonCanada

Personalised recommendations