Preserving the big picture: Visual network traffic analysis with TNV

John R. Goodall, Wayne G. Lutters, Penny Rheingans, Anita Komlodi

Research output: Chapter in Book/Report/Conference proceedingConference contribution

72 Citations (Scopus)

Abstract

When performing packet-level analysis in intrusion detection, analysts often lose sight of the "big picture" while examining these low-level details. In order to prevent this loss of context and augment the available tools for intrusion detection analysis tasks, we developed an information visualization tool, the Time-based Network traffic Visualizer (TNV). TNV is grounded in an understanding of the work practices of intrusion detection analysts, particularly foregrounding the overarching importance of context and time in the process of intrusion detection analysis. The main visual component of TNV is a matrix showing network activity of hosts over time, with connections between hosts superimposed on the matrix, complemented by multiple, linked views showing port activity and the details of the raw packets. Providing low-level textual data in the context of a high-level, aggregated graphical display enables analysts to examine packet-level details within the larger context of activity. This combination has the potential to facilitate the intrusion detection analysis tasks and help novice analysts learn what constitutes "normal" on a particular network.

Original languageEnglish
Title of host publicationIEEE Workshop on Visualization for Computer Security 2005, VizSEC 05, Proceedings
Pages47-54
Number of pages8
DOIs
Publication statusPublished - Dec 1 2005
EventIEEE Workshop on Visualization for Computer Security 2005, VizSEC 05 - Minneapolis, MN, United States
Duration: Oct 26 2005Oct 26 2005

Publication series

NameIEEE Workshop on Visualization for Computer Security 2005, VizSEC 05, Proceedings

Other

OtherIEEE Workshop on Visualization for Computer Security 2005, VizSEC 05
CountryUnited States
CityMinneapolis, MN
Period10/26/0510/26/05

    Fingerprint

Keywords

  • Information visualization
  • Intrusion detection
  • Network analysis
  • Network visualization

ASJC Scopus subject areas

  • Engineering(all)

Cite this

Goodall, J. R., Lutters, W. G., Rheingans, P., & Komlodi, A. (2005). Preserving the big picture: Visual network traffic analysis with TNV. In IEEE Workshop on Visualization for Computer Security 2005, VizSEC 05, Proceedings (pp. 47-54). [1532065] (IEEE Workshop on Visualization for Computer Security 2005, VizSEC 05, Proceedings). https://doi.org/10.1109/VIZSEC.2005.1532065