VisFlowCluster-IP: Connectivity-based visual clustering of network hosts

Xiaoxin Yin, William Yurcik, Adam Slagell

Research output: Chapter in Book/Report/Conference proceeding › Chapter

Abstract

With the increasing number of hostile network attacks, anomaly detection for network security has become an urgent task. Because there are still no highly effective solutions for automatic intrusion detection, especially for detecting newly emerging attacks, network traffic visualization has become a promising technique for helping network administrators monitor traffic and detect abnormal behaviors. In this paper we present VisFlowCluster-IP, a tool for visualizing network traffic flows from network logs. It models the network as a graph, representing hosts as graph nodes, and uses a force model to arrange the nodes in a two-dimensional space so that groups of related hosts form visual clusters apparent to the human eye. We also propose an automated method for finding clusters of closely connected hosts in the visualization space. We present three real cases that validate the effectiveness of VisFlowCluster-IP in identifying abnormal behaviors.

Original language: English (US)
Title of host publication: Security and Privacy in Dynamic Environments
Subtitle of host publication: Proceedings of the IFIP TC-11 21st International Information Security Conference (SEC 2006), 22-24 May 2006, Karlstad, Sweden
Editors: Simone Fischer-Hübner, Stefan Lindskog, Guerin Lassous, Louise Yngström
Pages: 284-295
Number of pages: 12
DOIs
State: Published - 2006

Publication series

Name: IFIP International Federation for Information Processing
Volume: 201
ISSN (Print): 1571-5736

ASJC Scopus subject areas

  • Information Systems and Management
