TY - GEN
T1 - A novel visualization approach for efficient network-wide traffic monitoring
AU - Samak, Taghrid
AU - El-Atawy, Adel
AU - Al-Shaer, Ehab
AU - Ismail, Mohamed
PY - 2007
Y1 - 2007
N2 - Network traffic visualization provides a very effective means of monitoring anomalous activities as well as detecting large-scale network attacks. This work proposes a novel and flexible technique for representing the traffic activities that reside in network flows and their patterns. The technique utilizes a set of different Space-Filling Curves (SFC) to map the collected statistics to images that emphasize traffic patterns. By exploiting the enhanced locality of the SFC clustering property, our approach makes anomalies such as large-scale DDoS attacks and scanning activities easily identifiable compared to traditional techniques. Also, widely dispersed communication patterns are rendered easier to understand using our proposed traffic-to-image mappings. This new representation preserves traffic properties, leading to more accurate and robust anomaly detection even if aggressive compression is performed on the resulting images. In addition, using our proposed technique, the relation between multiple packet fields can be easily obtained to analyze correlated attacks.
UR - https://www.scopus.com/pages/publications/34748826914
U2 - 10.1109/E2EMON.2007.375319
DO - 10.1109/E2EMON.2007.375319
M3 - Conference contribution
AN - SCOPUS:34748826914
SN - 1424412897
SN - 9781424412891
T3 - Fifth IEEE/IFIP Workshop on End-to-End Monitoring Techniques and Services, E2EMON'07
BT - Fifth IEEE/IFIP Workshop on End-to-End Monitoring Techniques and Services, E2EMON'07
T2 - 5th IEEE/IFIP Workshop on End-to-End Monitoring Techniques and Services, E2EMON'07
Y2 - 21 May 2007 through 21 May 2007
ER -