Institutional Repository
| Bridging the gap of network management and anomaly detection through interactive visualization | |
| Zhang, Tao (1); Liao, Qi (1); Shi, Lei (2) | |
| 2014 | |
| Conference Name | 2014 7th IEEE Pacific Visualization Symposium, PacificVis 2014 |
| Pages | 253-257 |
| Conference Date | March 4, 2014 - March 7, 2014 |
| Conference Place | Yokohama, Kanagawa, Japan |
| Indexed Type | EI |
| Publish Place | IEEE Computer Society |
| ISSN | 21658765 |
| ISBN | 9781479928736 |
| Department | (1) Department of Computer Science, Central Michigan University, United States; (2) State Key Laboratory of Computer Science, Institute of Software, Chinese Academy of Sciences, China |
| English Abstract | Large-scale networks have become increasingly challenging to manage. It is vital for a system administrator or network manager to be able to analyze the vast amount of log data in order to detect suspicious behaviors or patterns, possibly due to malicious users/applications or faulty devices. While an intrusion detection system (IDS) log can provide a large number of warnings, exactly which alarms are true while the others are false, and more importantly what are the underlying causes are still difficult to know. To bridge the gap between network log and anomaly discovery, we design and implement a visualization tool that combines multiple commodity visualizations with minimum learning curve. While each individual view is well understood, the effects of such views in analyzing network anomalies are not well studied. Since each visualization technique has advantages as well as limitations in addressing a particular task, we show that these views, when combined and linked together, may provide an effective and lightweight network anomaly analysis tool. The web-based open platform may simplify network administration as well as promote collaborative analysis among researchers. © 2014 IEEE.; Large-scale networks have become increasingly challenging to manage. It is vital for a system administrator or network manager to be able to analyze the vast amount of log data in order to detect suspicious behaviors or patterns, possibly due to malicious users/applications or faulty devices. While an intrusion detection system (IDS) log can provide a large number of warnings, exactly which alarms are true while the others are false, and more importantly what are the underlying causes are still difficult to know. To bridge the gap between network log and anomaly discovery, we design and implement a visualization tool that combines multiple commodity visualizations with minimum learning curve. While each individual view is well understood, the effects of such views in analyzing network anomalies are not well studied. Since each visualization technique has advantages as well as limitations in addressing a particular task, we show that these views, when combined and linked together, may provide an effective and lightweight network anomaly analysis tool. The web-based open platform may simplify network administration as well as promote collaborative analysis among researchers. © 2014 IEEE. |
| Language | 英语 |
| Content Type | 会议论文 |
| URI | http://ir.iscas.ac.cn/handle/311060/16634 |
| Collection | 中国科学院软件研究所 |
| Recommended Citation GB/T 7714 | Zhang, Tao ,Liao, Qi ,Shi, Lei . Bridging the gap of network management and anomaly detection through interactive visualization[C]. IEEE Computer Society,2014:253-257. |
| Files in This Item: | There are no files associated with this item. | |||||
Items in the repository are protected by copyright, with all rights reserved, unless otherwise indicated.
Edit Comment