Issue No.02 - March/April (2006 vol.26)
pp: 40-47
Takayuki Itoh, Ochanomizu University
Hiroki Takakura, Kyoto University
Atsushi Sawada, Kyoto University
Koji Koyamada, Kyoto University
ABSTRACT
This article presents a visualization technique for log files of intrusion detection systems (IDSs), especially for a large-scale computer network connecting to thousands of computers. The technique first constructs hierarchical data of computers according to their IP addresses. It then visualizes the hierarchical data as bars and nested rectangles in a 2D display space, where bars denote computers and rectangles denote groups of computers. The technique represents the statistics of incidents for thousands of computers in one display space by mapping the number of incidents as bar heights. The technique attempts to minimize the display space; therefore, it enables the computers to be represented as clickable metaphors so that each computer's user interface presents its detail on demand. Also, the technique can help a user understand the relationship between a distribution of incidents and the organization of real society, because IP addresses are usually assigned according to the physical and organizational layouts of real society. The article introduces interesting behavior that the presented technique visualizes, including malicious accesses on real large-scale computer networks as discovered from over sixty thousand lines of a real IDS log file.
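The data-preparation step the abstract describes, as an added example that is not code from the article: it counts incidents per computer from IDS alert lines, nests the computers by IP address, and prints each count as a text bar in place of the 2D layout. The log format, the octet-by-octet grouping, the use of the destination address as the "computer", and all sample lines are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample alerts in an assumed format: "time signature src -> dst".
SAMPLE_LOG = """\
2006-01-10T02:11:09 SCAN-SYN 203.0.113.7 -> 10.1.1.5
2006-01-10T02:11:10 SCAN-SYN 203.0.113.7 -> 10.1.1.6
2006-01-10T02:11:12 SQL-WORM 198.51.100.23 -> 10.1.2.40
2006-01-10T02:12:01 SCAN-SYN 203.0.113.7 -> 10.1.1.5
2006-01-10T02:13:44 SSH-BRUTE 198.51.100.23 -> 10.2.7.9
malformed line without an address pair
2006-01-10T02:14:02 SSH-BRUTE 198.51.100.23 -> 10.2.7.9
"""

def count_incidents(log_text):
    """Return Counter {dst_ip: incidents}; lines that do not parse are skipped."""
    counts = Counter()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[3] != "->":
            continue
        try:
            dst = ipaddress.IPv4Address(parts[4])
        except ipaddress.AddressValueError:
            continue
        counts[str(dst)] += 1
    return counts

def build_hierarchy(counts):
    """Nest hosts by octet (assumed grouping); each node keeps a subtree total."""
    root = {"total": 0, "children": {}}
    for ip, n in counts.items():
        node = root
        node["total"] += n
        for octet in ip.split("."):
            node = node["children"].setdefault(octet, {"total": 0, "children": {}})
            node["total"] += n
    return root

def render(node, prefix="", depth=0):
    """Text stand-in for the display: indentation = nesting, '#' run = bar height."""
    lines = []
    for octet, child in sorted(node["children"].items(), key=lambda kv: int(kv[0])):
        label = f"{prefix}.{octet}" if prefix else octet
        lines.append(f"{'  ' * depth}{label:<12} {'#' * child['total']} ({child['total']})")
        lines.extend(render(child, label, depth + 1))
    return lines

if __name__ == "__main__":
    print("\n".join(render(build_hierarchy(count_incidents(SAMPLE_LOG)))))
```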
INDEX TERMS
Hierarchical data visualization, Rectangle packing, Intrusion detection system, IP address space
CITATION
Takayuki Itoh, Hiroki Takakura, Atsushi Sawada, Koji Koyamada, "Hierarchical Visualization of Network Intrusion Detection Data", IEEE Computer Graphics and Applications, vol.26, no. 2, pp. 40-47, March/April 2006, doi:10.1109/MCG.2006.34