This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
Visual Analysis of Network Traffic for Resource Planning, Interactive Monitoring, and Interpretation of Security Threats
November/December 2007 (vol. 13 no. 6)
pp. 1105-1112
The Internet has become a wild place: malicious code is spread on personal computers across the world, deploying botnets ready to attack the network infrastructure. The vast number of security incidents and other anomalies overwhelms attempts at manual analysis, especially when monitoring service provider backbone links. We present an approach to interactive visualization with a case study indicating that interactive visualization can be applied to gain more insight into these large data sets. We superimpose a hierarchy on IP address space, and study the suitability of Treemap variants for each hierarchy level. Because viewing the whole IP hierarchy at once is not practical for most tasks, we evaluate layout stability when eliding large parts of the hierarchy, while maintaining the visibility and ordering of the data of interest.

[1] T. Bates, P. Smith, and G. Huston CIDR Report, September 2006. http://bgp.potaroo.netcidr/.
[2] B. B. Bederson, B. Shneiderman, and M. Wattenberg, Ordered and quantum treemaps: Making effective use of 2d space to display hierarchies. ACM Trans. Graph., 21 (4): 833–854, 2002.
[3] M. Bruls, K. Huizing, and J. J. Van Wijk Squarified treemaps. In , Proceedings of the Joint Eurographics and IEEE TCVG Symposium on Visualization, pages 33–42, 2000.
[4] B. Cheswick, H. Burch, and S. Branigan, Mapping and visualizing the internet. In Proc. 2000 USENIX Annual Techincal Conference, pages 1–12, 2000.
[5] K. C. Claffy Caida: Visualizing the internet. IEEE Internet Computing, 05 (1): 88, 2001.
[6] E. F. Codd, S. B. Codd, and C. T. Salley, Providing OLAP (on-line analytical processing) to user-analysts: An IT mandate. Technical report, E.F.Codd & Associates, 1993.
[7] M. Dodge and R. Kitchin, Atlas of Cyberspace. Addison-Wesley, 2001.
[8] J.-D. Fekete and C. Plaisant Interactive information visualization of a million items. In InfoVis 2002, IEEE Symposium on Information Visualization, pages 117–124, Los Alamitos, CA, USA, 2002. IEEE Computer Society.
[9] G. A. Fink, and C. North Root polar layout of internet address data for security administration. In Proc. IEEE Workshop on Visualization for Computer Security (VizSEC), pages 55–64, October 2005.
[10] J. Hawkinson, and T. Bates, RFC 1930 Guidelines for creation, selection, and registration of an Autonomous System (AS), March 1996.
[11] R. Heilmann, D. A. Keim, C. Panse, and M. Sips RecMap: Rectangular Map Approximations. In InfoVis 2004, IEEE Symposium on Information Visualization, Austin, Texas, pages 33–40, October 2004.
[12] T. Itoh, H. Takakura, A. Sawada, and K. Koyamada Hierarchical visualization of network intrusion detection data. , IEEE Computer Graphics and Applications, 26 (02): 40–47, 2006.
[13] B. Johnson and B. Shneiderman Tree-maps: A space filling approach to the visualization of hierarchical information structures. In VIS '91: Proceedings of the 2nd IEEE Conference on Visualization, pages 284–291, 1991.
[14] D. A. Keim, F. Mansmann, J. Schneidewind, and T. Schreck Monitoring network traffic with radial traffic analyzer. In , Proc. of IEEE Symposium on Visual Analytics Science and Technology 2006 (VAST 2006), pages 123–128, 2006.
[15] Z. M. Mao, D. Johnson, J. Rexford, J. Wang, and R. H. Katz, Scalable and accurate identification of as-level forwarding paths. In INFOCOM, volume 3, pages 1605–1615, 2004.
[16] Maxmind, Ltd. Geoip database, 2007. http:/www.maxmind.com.
[17] T. B. Pedersen and C. S. Jensen Multidimensional database tech, nology. IEEE Computer, 34 (12): 40–46, 2001.
[18] T. Schreck, D. A. Keim, and F. Mansmann Regular treemap layouts for visual analysis of hierarchical data. In Spring Conference on Computer Graphics (SCCG'2006), April 20–22, Casta Papiernicka, Slovak Republic, pages 184–191. ACM Siggraph, 2006.
[19] Symantec. Symantec Internet Security Threat Report: Trends for July–December 06, March 2007. Volume XI.
[20] S. T. Teoh, K.-L. Ma, S. F. Wu, and T. Jankun-Kelly, Detecting flaws and intruders with visual data analysis. IEEE Computer Graphics and Applications, 24 (5): 27–35, 2004.
[21] M. van Krevelda and B. Speckmann On rectangular cartograms. Computational Geometry, 37 (3): 175–187, 2007.

Index Terms:
Information visualization, network security, network monitoring, treemap
Citation:
Florian Mansmann, Daniel A. Keim, Stephen C. North, Brian Rexroad, Daniel Sheleheda, "Visual Analysis of Network Traffic for Resource Planning, Interactive Monitoring, and Interpretation of Security Threats," IEEE Transactions on Visualization and Computer Graphics, vol. 13, no. 6, pp. 1105-1112, Nov.-Dec. 2007, doi:10.1109/TVCG.2007.70612
Usage of this product signifies your acceptance of the Terms of Use.