Evaluating visualization approaches to detect abnormal activities in network traffic data

Designing innovative approaches to detect intrusive network activities is considered as one of the most significant research topics in network security. Various computational methods are proposed to discover unknown attacks, but validating suspicious activities and understanding their unique charact...

Full description

Saved in:
Bibliographic Details
Published inInternational journal of information security Vol. 20; no. 3; pp. 331 - 345
Main Authors Ji, Soo-Yeon, Jeong, Bong-Keun, Jeong, Dong Hyun
Format Journal Article
LanguageEnglish
Published Berlin/Heidelberg Springer Berlin Heidelberg 01.06.2021
Springer Nature B.V
Subjects
Coding and Information Theory
Communications Engineering
Communications traffic
Computer Communication Networks
Computer Science
Cryptology
Data analysis
Graph representations
Graphical representations
Literature reviews
Management of Computing and Information Systems
Networks
Operating Systems
Regular Contribution
Visualization
Network security
Visualization
Visual analytics
Intrusion detection
Online AccessGet full text

Cover

More Information
Summary:Designing innovative approaches to detect intrusive network activities is considered as one of the most significant research topics in network security. Various computational methods are proposed to discover unknown attacks, but validating suspicious activities and understanding their unique characteristics are still difficult. To address this limitation, several visualization systems have been designed, which aim to enhance the ability of understanding data visually. However, the effectiveness of visualization techniques for network traffic data analysis has not been fully examined. In this paper, we performed in-depth literature review on visualization techniques for network traffic data analysis. From the review, we identified four key approaches that should be utilized in designing an effective network traffic visualization system: data filtration and transformation, pixel-based visualization, graph representation, and coordinated multi-views. To determine the effectiveness of the four visualization approaches, we developed several prototype visualizations and examined the complexity of implementation, requirement of data preprocessing, understandability of network patterns, and identifiability of abnormal network events.
ISSN:1615-5262
1615-5270
DOI:10.1007/s10207-020-00504-9