Visualization Tools for Network Attacks
If you would like to visually explore computer network attacks and combine large-scale network monitoring with visual analysis, our NFlowVis prototype is the right choice. We use enhanced treemap representations combined with splines to highlight connections to and attacks on the monitored computer network. In the backend, we correlate NetFlow traffic with alerts from intrusion detection systems, so that the underlying computer network can be explored and monitored with this visual analytics application.
Visualization Tools for Temporal Network Traffic
These glyph-based approaches represent large time series in matrix or hierarchical layouts. With the help of these tools, large numbers of hosts in a computer network can be explored to identify suspicious behavior or interesting usage patterns. These techniques can also be applied to other domains and tend to be quite generic.
ClockView is a visual analytics tool for monitoring large IP spaces with automatic algorithms and clock-based visualizations. The glyphs are represented in a matrix layout, which helps the user to identify similar patterns and groups of hosts having the same temporal behavior.
Since circular treemaps sacrifice the space-filling property and since higher-level circles only approximately match the aggregated size of their descendants, they are rarely used in practice. However, for drawing circular glyphs, their shape-preserving property can outweigh these disadvantages and facilitate comparative tasks within and across hierarchy levels. There are tasks where circular representations are not beneficial (e.g., comparing exact sizes); however, the circular layout does represent the hierarchical structure in a very intuitive way. We make use of this technique to visually explore hierarchical time-series data retrieved from network traffic or system monitoring applications.
Visualization Tools for BGP Traceroutes
Routing in the Internet is vulnerable to attacks due to the insecure design of the Border Gateway Protocol (BGP). One possible exploitation of this insecure design is the hijacking of IP blocks. Such hijacked IP blocks can then be used to conduct malicious activities from seemingly legitimate IP addresses. To combine the strengths of human judgement and computational efficiency, we present VisTracer, a visual analytics tool for investigating routing anomalies in traceroutes.
Big Data Visual Analytics for Situational Awareness
The enormous growth of data in the last decades led to a wide variety of different database technologies. Nowadays, we are capable of storing vast amounts of structured and unstructured data. We introduce Banksafe, which was built for the VAST Challenge 2012 and won the outstanding comprehensive submission award. Banksafe is based on modern database technologies and is capable of visually analyzing vast amounts of monitoring data and security-related datasets of large-scale computer networks.