By Topic

Visualizing Network Activity Using Parallel Coordinates

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

3 Author(s)

Detecting and analyzing the complex problems introduced by today's cybercriminal are challenging undertakings. System pirates are organized and exploit available machines worldwide to conduct their attacks. The attack patterns are complex, multi-variate, and, in the case of botnets, can generate a significant amount of traffic that is difficult to interpret. In order to understand these complex event structures and ascertain their possible correlations in multiple dimensions, a visualization method called parallel coordinates can be used. This paper introduces the basic theory behind parallel coordinates, and demonstrates the visualization of real-world examples of attacks observed through a month of Snort logs on a production server. The parallel coordinates-based visualization is accomplished using an open source visual intrusion detection system called Picviz, which can aid in the analysis of potentially malicious network traffic.

Published in:

System Sciences (HICSS), 2011 44th Hawaii International Conference on

Date of Conference:

4-7 Jan. 2011