Large-scale Network Monitoring for Visual Analysis of Attacks

Vorschaubild
Dateien
vizsec2008.pdf
vizsec2008.pdfGröße: 6.3 MBDownloads: 1251
Datum
2008
Autor:innen
Pietzko, Stephan
Herausgeber:innen
Kontakt
ISSN der Zeitschrift
Electronic ISSN
ISBN
Bibliografische Daten
Verlag
Schriftenreihe
Auflagebezeichnung
URI (zitierfähiger Link)
http://nbn-resolving.de/urn:nbn:de:bsz:352-opus-68488
DOI (zitierfähiger Link)
https://doi.org/10.1007/978-3-540-85933-8_11
ArXiv-ID
Internationale Patentnummer
Link zur Lizenz
Attribution-NonCommercial-NoDerivs 2.0 Generic
Angaben zur Forschungsförderung
Projekt
Open Access-Veröffentlichung
Open Access Green
Sammlungen
Informatik und Informationswissenschaft
Core Facility der Universität Konstanz
Gesperrt bis
Titel in einer weiteren Sprache
Forschungsvorhaben
Organisationseinheiten
Zeitschriftenheft
Publikationstyp
Beitrag zu einem Konferenzband
Publikationsstatus
Published
Erschienen in
GOODALL, John R., ed., Gregory CONTI, ed., Kwan-Liu MA, ed.. Visualization for Computer Security. Berlin, Heidelberg: Springer Berlin Heidelberg, 2008, pp. 111-118. Lecture Notes in Computer Science. ISSN 0302-9743. eISSN 1611-3349. ISBN 978-3-540-85931-4. Available under: doi: 10.1007/978-3-540-85933-8_11
Zusammenfassung

The importance of the Internet and our dependency on computer networks are steadily growing, which results in high costs and substantial consequences in case of successful intrusions, stolen data, and interrupted services. At the same time, a trend towards massive attacks against the network infrastructure is noticeable. Therefore, monitoring large networks has become an importatnt field in practice and research. Through monitoring systems, attacks can be detected and analyzed to gain knowledge of how to better protect the network in the future. In the scope of this paper, we present a system to analyze NetFlow data using a relational database system. NetFlow records are linked with alerts from an intrusion detection system to enable efficient exploration of suspicious activity within the monitored network. Within the system, the monitored network is mapped to a TreeMap visualization, the attackers are arranged at the borders and linked using splines parameterized with prefix information. In a series of case studies, we demonstrate how the tool can be used to judge the relevance of alerts, to reveal massive distributed attacks, and to analyze service usage within a network.

Zusammenfassung in einer weiteren Sprache
Fachgebiet (DDC)
004 Informatik
Schlagwörter
visual network monitoring, visualization for network security, large-scale net ow analysis
Konferenz
Rezension
undefined / . - undefined, undefined
Zitieren
ISO 690FISCHER, Fabian, Florian MANSMANN, Daniel A. KEIM, Stephan PIETZKO, Marcel WALDVOGEL, 2008. Large-scale Network Monitoring for Visual Analysis of Attacks. In: GOODALL, John R., ed., Gregory CONTI, ed., Kwan-Liu MA, ed.. Visualization for Computer Security. Berlin, Heidelberg: Springer Berlin Heidelberg, 2008, pp. 111-118. Lecture Notes in Computer Science. ISSN 0302-9743. eISSN 1611-3349. ISBN 978-3-540-85931-4. Available under: doi: 10.1007/978-3-540-85933-8_11
BibTex
@inproceedings{Fischer2008Large-5511,
  year={2008},
  doi={10.1007/978-3-540-85933-8_11},
  title={Large-scale Network Monitoring for Visual Analysis of Attacks},
  isbn={978-3-540-85931-4},
  issn={0302-9743},
  publisher={Springer Berlin Heidelberg},
  address={Berlin, Heidelberg},
  series={Lecture Notes in Computer Science},
  booktitle={Visualization for Computer Security},
  pages={111--118},
  editor={Goodall, John R. and Conti, Gregory and Ma, Kwan-Liu},
  author={Fischer, Fabian and Mansmann, Florian and Keim, Daniel A. and Pietzko, Stephan and Waldvogel, Marcel}
}
RDF
<rdf:RDF
    xmlns:dcterms="http://purl.org/dc/terms/"
    xmlns:dc="http://purl.org/dc/elements/1.1/"
    xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
    xmlns:bibo="http://purl.org/ontology/bibo/"
    xmlns:dspace="http://digital-repositories.org/ontologies/dspace/0.1.0#"
    xmlns:foaf="http://xmlns.com/foaf/0.1/"
    xmlns:void="http://rdfs.org/ns/void#"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema#" > 
  <rdf:Description rdf:about="https://kops.uni-konstanz.de/server/rdf/resource/123456789/5511">
    <void:sparqlEndpoint rdf:resource="http://localhost/fuseki/dspace/sparql"/>
    <dcterms:hasPart rdf:resource="https://kops.uni-konstanz.de/bitstream/123456789/5511/1/vizsec2008.pdf"/>
    <dc:contributor>Pietzko, Stephan</dc:contributor>
    <dc:creator>Mansmann, Florian</dc:creator>
    <dcterms:title>Large-scale Network Monitoring for Visual Analysis of Attacks</dcterms:title>
    <dc:contributor>Keim, Daniel A.</dc:contributor>
    <dcterms:issued>2008</dcterms:issued>
    <dc:language>eng</dc:language>
    <dspace:isPartOfCollection rdf:resource="https://kops.uni-konstanz.de/server/rdf/resource/123456789/36"/>
    <dc:contributor>Mansmann, Florian</dc:contributor>
    <dc:contributor>Waldvogel, Marcel</dc:contributor>
    <dc:contributor>Fischer, Fabian</dc:contributor>
    <dcterms:rights rdf:resource="http://creativecommons.org/licenses/by-nc-nd/2.0/"/>
    <dc:date rdf:datatype="http://www.w3.org/2001/XMLSchema#dateTime">2011-03-24T15:56:07Z</dc:date>
    <dcterms:abstract xml:lang="eng">The importance of the Internet and our dependency on computer networks are steadily growing, which results in high costs and substantial consequences in case of successful intrusions, stolen data, and interrupted services. At the same time, a trend towards massive attacks against the network infrastructure is noticeable. Therefore, monitoring large networks has become an importatnt field in practice and research. Through monitoring systems, attacks can be detected and analyzed to gain knowledge of how to better protect the network in the future. In the scope of this paper, we present a system to analyze NetFlow data using a relational database system. NetFlow records are linked with alerts from an intrusion detection system to enable efficient exploration of suspicious activity within the monitored network. Within the system, the monitored network is mapped to a TreeMap visualization, the attackers are arranged at the borders and linked using splines parameterized with prefix information. In a series of case studies, we demonstrate how the tool can be used to judge the relevance of alerts, to reveal massive distributed attacks, and to analyze service usage within a network.</dcterms:abstract>
    <bibo:uri rdf:resource="http://kops.uni-konstanz.de/handle/123456789/5511"/>
    <dcterms:bibliographicCitation>First publ. in: Visualization for Computer Security: 5th Internat. Workshop, Proceedings / John R. Goodall ... (Eds.). - Berlin: Springer, 2008, pp. 111-118</dcterms:bibliographicCitation>
    <dc:creator>Fischer, Fabian</dc:creator>
    <dc:rights>Attribution-NonCommercial-NoDerivs 2.0 Generic</dc:rights>
    <foaf:homepage rdf:resource="http://localhost:8080/"/>
    <dc:creator>Pietzko, Stephan</dc:creator>
    <dc:creator>Waldvogel, Marcel</dc:creator>
    <dcterms:available rdf:datatype="http://www.w3.org/2001/XMLSchema#dateTime">2011-03-24T15:56:07Z</dcterms:available>
    <dc:creator>Keim, Daniel A.</dc:creator>
    <dc:format>application/pdf</dc:format>
    <dcterms:isPartOf rdf:resource="https://kops.uni-konstanz.de/server/rdf/resource/123456789/36"/>
    <dspace:hasBitstream rdf:resource="https://kops.uni-konstanz.de/bitstream/123456789/5511/1/vizsec2008.pdf"/>
  </rdf:Description>
</rdf:RDF>
Interner Vermerk
xmlui.Submission.submit.DescribeStep.inputForms.label.kops_note_fromSubmitter
Kontakt
URL der Originalveröffentl.
Prüfdatum der URL
Prüfungsdatum der Dissertation
Finanzierungsart
Kommentar zur Publikation
Allianzlizenz
Corresponding Authors der Uni Konstanz vorhanden
Internationale Co-Autor:innen
Universitätsbibliographie
Ja
Begutachtet
Diese Publikation teilen