TY - GEN
T1 - Bridging the gap of network management and anomaly detection through interactive visualization
AU - Zhang, Tao
AU - Liao, Qi
AU - Shi, Lei
PY - 2014
Y1 - 2014
N2 - Large-scale networks have become increasingly challenging to manage. It is vital for a system administrator or network manager to be able to analyze the vast amount of log data in order to detect suspicious behaviors or patterns, possibly due to malicious users/applications or faulty devices. While an intrusion detection system (IDS) log can provide a large number of warnings, exactly which alarms are true and which are false, and more importantly what the underlying causes are, remain difficult to determine. To bridge the gap between network logs and anomaly discovery, we design and implement a visualization tool that combines multiple commodity visualizations with a minimal learning curve. While each individual view is well understood, the effects of such views in analyzing network anomalies are not well studied. Since each visualization technique has advantages as well as limitations in addressing a particular task, we show that these views, when combined and linked together, may provide an effective and lightweight network anomaly analysis tool. The web-based open platform may simplify network administration as well as promote collaborative analysis among researchers.
AB - Large-scale networks have become increasingly challenging to manage. It is vital for a system administrator or network manager to be able to analyze the vast amount of log data in order to detect suspicious behaviors or patterns, possibly due to malicious users/applications or faulty devices. While an intrusion detection system (IDS) log can provide a large number of warnings, exactly which alarms are true and which are false, and more importantly what the underlying causes are, remain difficult to determine. To bridge the gap between network logs and anomaly discovery, we design and implement a visualization tool that combines multiple commodity visualizations with a minimal learning curve. While each individual view is well understood, the effects of such views in analyzing network anomalies are not well studied. Since each visualization technique has advantages as well as limitations in addressing a particular task, we show that these views, when combined and linked together, may provide an effective and lightweight network anomaly analysis tool. The web-based open platform may simplify network administration as well as promote collaborative analysis among researchers.
KW - Network Anomaly Visualization
UR - http://www.scopus.com/inward/record.url?scp=84899554951&partnerID=8YFLogxK
U2 - 10.1109/PacificVis.2014.22
DO - 10.1109/PacificVis.2014.22
M3 - Conference contribution
AN - SCOPUS:84899554951
SN - 9781479928736
T3 - IEEE Pacific Visualization Symposium
SP - 253
EP - 257
BT - Proceedings - 2014 IEEE Pacific Visualization Symposium, PacificVis 2014
PB - IEEE Computer Society
T2 - 2014 7th IEEE Pacific Visualization Symposium, PacificVis 2014
Y2 - 4 March 2014 through 7 March 2014
ER -