Bridging the gap of network management and anomaly detection through interactive visualization

ISCAS OpenIR

	Bridging the gap of network management and anomaly detection through interactive visualization
	Zhang, Tao (1); Liao, Qi (1); Shi, Lei (2)
	2014
会议名称	2014 7th IEEE Pacific Visualization Symposium, PacificVis 2014
页码	253-257
会议日期	March 4, 2014 - March 7, 2014
会议地点	Yokohama, Kanagawa, Japan
收录类别	EI
出版地	IEEE Computer Society
ISSN	21658765
ISBN	9781479928736
部门归属	(1) Department of Computer Science, Central Michigan University, United States; (2) State Key Laboratory of Computer Science, Institute of Software, Chinese Academy of Sciences, China
摘要	Large-scale networks have become increasingly challenging to manage. It is vital for a system administrator or network manager to be able to analyze the vast amount of log data in order to detect suspicious behaviors or patterns, possibly due to malicious users/applications or faulty devices. While an intrusion detection system (IDS) log can provide a large number of warnings, exactly which alarms are true while the others are false, and more importantly what are the underlying causes are still difficult to know. To bridge the gap between network log and anomaly discovery, we design and implement a visualization tool that combines multiple commodity visualizations with minimum learning curve. While each individual view is well understood, the effects of such views in analyzing network anomalies are not well studied. Since each visualization technique has advantages as well as limitations in addressing a particular task, we show that these views, when combined and linked together, may provide an effective and lightweight network anomaly analysis tool. The web-based open platform may simplify network administration as well as promote collaborative analysis among researchers. © 2014 IEEE.; Large-scale networks have become increasingly challenging to manage. It is vital for a system administrator or network manager to be able to analyze the vast amount of log data in order to detect suspicious behaviors or patterns, possibly due to malicious users/applications or faulty devices. While an intrusion detection system (IDS) log can provide a large number of warnings, exactly which alarms are true while the others are false, and more importantly what are the underlying causes are still difficult to know. To bridge the gap between network log and anomaly discovery, we design and implement a visualization tool that combines multiple commodity visualizations with minimum learning curve. While each individual view is well understood, the effects of such views in analyzing network anomalies are not well studied. Since each visualization technique has advantages as well as limitations in addressing a particular task, we show that these views, when combined and linked together, may provide an effective and lightweight network anomaly analysis tool. The web-based open platform may simplify network administration as well as promote collaborative analysis among researchers. © 2014 IEEE.
语种	英语
内容类型	会议论文
URI标识	http://ir.iscas.ac.cn/handle/311060/16634
专题	中国科学院软件研究所
推荐引用方式 GB/T 7714	Zhang, Tao ,Liao, Qi ,Shi, Lei . Bridging the gap of network management and anomaly detection through interactive visualization[C]. IEEE Computer Society,2014:253-257.