Regresar

VisFlowConnect: Providing security situational awareness by visualizing network traffic flows

Abstract:

We present the design and implementation of VisFlowConnect, a powerful new tool for visualizing network traffic flow dynamics for situational awareness. The visualization capability provided by VisFlowConnect allows an operator to assess the state of a large and complex network given an overall view of the entire network and filter/drill-down features with a friendly user interface that allows users to request more detailed information of interest such as specific protocol traffic flows. The value of VisFlowConnect specifically for security situational awareness is that any security event, with only a few minor exceptions, will be reflected as a traffic flow. Thus using VisFlowConnect a user will "see" all security events. We show several experiments in which abnormal behaviors with security implications have been discovered and analyzed using VisFlowConnect. These experiments demonstrate how VisFlowConnect can be a uniquely effective tool to assist security administrators in securing their computer networks.

Año de publicación:

2004

Keywords:

    Fuente:

    googlegoogle
    scopusscopus

    Tipo de documento:

    Conference Object

    Estado:

    Acceso restringido

    Áreas de conocimiento:

    • Red informática
    • Simulación por computadora

    Áreas temáticas:

    • Ciencias de la computación

    Contribuidores:

    Cristina L. AbadCristina L. Abad
    Lakkaraju K.Lakkaraju K.
    Li Y.Li Y.
    Yurcik W.Yurcik W.
    Yin X.Yin X.