Detecting and analyzing the complex problems introduced by today's cybercriminals is a challenging undertaking. Attackers are organized and exploit vulnerable machines worldwide to conduct their attacks. The attack patterns are complex and multivariate, and in the case of botnets they can generate a large volume of traffic that is difficult to interpret. To understand these complex event structures and discover their possible correlations across multiple dimensions, a visualization method called parallel coordinates can be used: each event becomes one polyline crossing a set of parallel axes, one axis per attribute, so that many events sharing attribute values converge on the same axis points. This paper introduces the basic theory behind parallel coordinates and demonstrates the visualization of real-world attacks observed in a month of Snort logs from a production server. The parallel coordinates visualization is produced with Picviz, an open source visual intrusion detection tool that can aid in the analysis of potentially malicious network traffic.
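The following is an added example, not code from the paper or from Picviz, showing the core of the technique the abstract describes: Snort alerts are parsed, each alert is mapped onto a set of parallel axes (time, source, destination, destination port, signature ID, priority), every axis is normalised to [0, 1], and each alert becomes one polyline that can be rendered as SVG. The axis choice is this example's own, the parser assumes Snort 2 `alert_fast` output with IPv4 addresses, and the sample alert lines are constructed for the example rather than taken from the paper's logs. A small helper also flags the signature that a port scan leaves in such a plot: many lines meeting at one source and one destination point but fanning out on the port axis.

```python
"""Parallel-coordinates projection of Snort alert_fast lines.

Added example (not the paper's or Picviz's code).  Assumes Snort 2
alert_fast format with IPv4 addresses; the axes below are this example's
own choice.  SAMPLE_ALERTS is constructed data, not real traffic.
"""
import re
from ipaddress import ip_address

# Constructed sample alerts in Snort 2 alert_fast format (not real traffic).
SAMPLE_ALERTS = """\
01/15-10:23:45.123456  [**] [1:2009582:3] ET SCAN NMAP -sS window 1024 [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.1.55:43210 -> 10.0.0.5:22
01/15-10:23:46.001200  [**] [1:2009582:3] ET SCAN NMAP -sS window 1024 [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.1.55:43211 -> 10.0.0.5:80
01/15-10:23:46.002900  [**] [1:2009582:3] ET SCAN NMAP -sS window 1024 [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.1.55:43212 -> 10.0.0.5:443
01/15-11:02:10.500000  [**] [1:2008578:4] ET SCAN Sipvicious Scan [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 203.0.113.9:5060 -> 10.0.0.7:5060
01/15-11:40:00.000000  [**] [1:2010937:2] ET POLICY Suspicious inbound to mySQL port 3306 [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 198.51.100.23:51000 -> 10.0.0.5:3306
"""

# Snort 2 alert_fast line layout: timestamp, [**] [gid:sid:rev] msg [**],
# optional classification, priority, {proto}, src[:port] -> dst[:port].
ALERT_RE = re.compile(
    r"^(?P<month>\d\d)/(?P<day>\d\d)-(?P<h>\d\d):(?P<m>\d\d):(?P<s>\d\d)\.(?P<us>\d+)\s+"
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+(?P<src>\d+\.\d+\.\d+\.\d+)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?::(?P<dport>\d+))?$"
)

# One parallel axis per attribute; the order is the left-to-right plot order.
AXES = ("time", "src", "dst", "dport", "sid", "prio")


def parse_alert(line):
    """Parse one alert_fast line into numeric axis values; None if it does not match."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    g = m.groupdict()
    seconds = int(g["h"]) * 3600 + int(g["m"]) * 60 + int(g["s"]) + int(g["us"]) / 1e6
    return {
        "time": seconds,                        # seconds since midnight
        "src": int(ip_address(g["src"])),       # IPv4 as integer keeps subnets adjacent
        "dst": int(ip_address(g["dst"])),
        "dport": int(g["dport"]) if g["dport"] else 0,   # ICMP alerts carry no port
        "sid": int(g["sid"]),
        "prio": int(g["prio"]),
        "src_ip": g["src"], "dst_ip": g["dst"], "proto": g["proto"], "msg": g["msg"],
    }


def parse_alerts(text):
    """Parse every non-empty line, silently skipping lines that do not match."""
    return [a for a in (parse_alert(l) for l in text.splitlines() if l.strip()) if a]


def normalise(records, axes=AXES):
    """Return one polyline per record as a list of (axis_index, y) with y in [0, 1].

    Each axis is scaled by its own min/max; a constant axis is drawn at its midpoint.
    """
    lo = {a: min(r[a] for r in records) for a in axes}
    hi = {a: max(r[a] for r in records) for a in axes}
    polylines = []
    for r in records:
        pts = []
        for i, a in enumerate(axes):
            span = hi[a] - lo[a]
            pts.append((i, (r[a] - lo[a]) / span if span else 0.5))
        polylines.append(pts)
    return polylines


def scan_fans(records, min_ports=3):
    """Flag (src, dst) pairs touching several destination ports.

    In the plot these are lines converging on one src point and one dst point
    and fanning out across the dport axis: the shape of a port scan.
    """
    ports = {}
    for r in records:
        ports.setdefault((r["src_ip"], r["dst_ip"]), set()).add(r["dport"])
    return {k: sorted(v) for k, v in ports.items() if len(v) >= min_ports}


def to_svg(polylines, axes=AXES, width=640, height=320, margin=40):
    """Render the polylines as a minimal SVG document (one <polyline> per alert)."""
    step = (width - 2 * margin) / (len(axes) - 1)

    def px(i, y):  # axis index / normalised value -> pixel coordinates
        return f"{margin + i * step:.1f},{height - margin - y * (height - 2 * margin):.1f}"

    out = [f'<svg xmlns="http://www.w3.org/2000/svg" width="{width}" height="{height}">']
    for i, name in enumerate(axes):
        x = margin + i * step
        out.append(f'<line x1="{x:.1f}" y1="{margin}" x2="{x:.1f}" y2="{height - margin}" stroke="black"/>')
        out.append(f'<text x="{x:.1f}" y="{height - margin + 15}" font-size="10" text-anchor="middle">{name}</text>')
    for pts in polylines:
        out.append('<polyline fill="none" stroke="crimson" stroke-opacity="0.6" points="'
                   + " ".join(px(i, y) for i, y in pts) + '"/>')
    out.append("</svg>")
    return "\n".join(out)


if __name__ == "__main__":
    recs = parse_alerts(SAMPLE_ALERTS)
    print(f"{len(recs)} alerts parsed; scan-like fans: {scan_fans(recs)}")
    with open("alerts.svg", "w") as fh:
        fh.write(to_svg(normalise(recs)))
```

Running the block writes `alerts.svg`, in which the three NMAP alerts share their time, src and dst points and separate only on the dport axis, while the SIP and MySQL alerts stand apart on every axis. Scaling each axis independently is what makes attributes of very different magnitude (microsecond timestamps next to 16-bit ports) comparable on one picture; the trade-off is that a single outlier compresses everything else on its axis, which is why a real tool such as Picviz lets the analyst pick the axis scaling.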