Data Visualization
Overview
Data visualization is a technique that humans have used in almost every situation for centuries. In the network security field, data visualization is considered one of the main tools that network administrators use to represent different features of the network itself. From the detection point of view it is rather inefficient to let the network administrator identify intrusions. However, to the best of our knowledge, most commercially available Intrusion Prevention Systems (IPS) do not work in prevention mode; instead, the validation of any detected intrusion, as well as the appropriate response, is ultimately done by the network administrator. To do that, the administrator needs to understand and monitor every aspect of the network, and the most intuitive way to do so is through visualization techniques. Thus, despite all the criticisms of visualization as a detection method, we cannot foresee a total replacement of this approach in the near future.
Our aim is to combine anomaly detection and visualization techniques in such a way that a network administrator gains significant knowledge about possible anomalies in the network. The network is viewed as a community of hosts that interact by exchanging packets. Since a network may contain hundreds of hosts, we aim to highlight only the abnormal ones. Furthermore, once an anomaly is displayed, the administrator can dive into the details in order to accept or deny the possible threat.
Related Publications
Iosif-Viorel Onut and Ali A. Ghorbani. SVision: A novel Visual Network-anomaly identification technique. Computers & Security (COMPSEC), 26(3):201-212, 2007.
Iosif-Viorel Onut, Bin Zhu, and Ali A. Ghorbani. SVision: A network host-centered anomaly visualization technique. In Proceedings of Information Security Conference (ISC), LNCS 3650, pages 16-28, 2005.
Iosif-Viorel Onut, Bin Zhu, and Ali A. Ghorbani. SVision: Visual identification of scanning and denial of service attacks. In Proceedings of International Conference on Information Security, Enformatica, Volume 6, pages 37-40, 2005.
Iosif-Viorel Onut, Bin Zhu, and Ali A. Ghorbani. A novel visualization technique for network anomaly detection. In Proceedings of the 2nd Annual Conference on Privacy, Security and Trust (PST), 2004.