Visualizing Traffic Causality for Analyzing Network Anomalies
Hao Zhang, Maoyuan Sun, Danfeng Daphne Yao, Chris North
Abstract
Monitoring network traffic and detecting anomalies are essential tasks that security analysts carry out routinely. The sheer volume of network requests often makes it difficult to detect attacks and pinpoint their causes. We design and develop a tool that visually represents the causal relations among network requests. This traffic causality information enables an analyst to reason about the legitimacy and normalcy of observed network events. Our tool, which has a visual locality property, supports the different levels of visual querying and reasoning that the sensemaking process on complex network data requires. Leveraging domain knowledge, security analysts can use our tool to identify abnormal network activities and patterns caused by attacks or stealthy malware. We conduct a user study that confirms our tool enhances the readability and perceptibility of dependencies in host-based network traffic.
Publication Details
Date of publication: March 03, 2015
Conference: ACM International Workshop on Security and Privacy Analytics