A new concentric-circle visualization of multi-dimensional data and its application in network security

Publisher:
Elsevier Ltd
Publication Type:
Journal Article
Citation:
Journal Of Visual Languages And Computing, 2010, 21 (4), pp. 194 - 208
Issue Date:
2010-01
Full metadata record
Files in This Item:
Filename Description Size
Thumbnail2009007684OK.pdf1.49 MB
Adobe PDF
With the rapid growth of networked data communications in size and complexity, network administrators today are facing more challenges to protect their networked computers and devices from all kinds of attacks. This paper proposes a new concentric-circle visualization method for visualizing multi-dimensional network data. This method can be used to identify the main features of network attacks, such as DDoS attack, by displaying their recognizable visual patterns. To reduce the edge overlaps and crossings, we arrange multiple axes displayed as concentric circles rather than the traditional parallel lines. In our method, we use polycurves to link values (vertexes) rather than polylines used in parallel coordinate approach. Some heuristics are applied in our new method in order to improve the readability of views. We discuss the advantages as well as the limitations of our new method. In comparison with the parallel coordinate visualization, our approach can reduce more than 15% of the edge overlaps and crossings. In the second stage of the method, we have further enhanced the readability of views by increasing the edge crossing angle. Finally, we introduce our prototype system: a visual interactive network scan detection system called CCScanViewer. It is based on our new visualization approach and the experiments have showed that the new approach is effective in detecting attack features from a variety of networking patterns, such as the features of network scans and DDoS attacks.
Please use this identifier to cite or link to this item: