A new concentric-circle visualization of multi-dimensional data and its application in network security

With the rapid growth of networked data communications in size and complexity, network administrators today are facing more challenges to protect their networked computers and devices from all kinds of attacks. This paper proposes a new concentric-circle visualization method for visualizing multi-di...

Full description

Saved in:
Bibliographic Details
Published in:Journal of visual languages and computing 2010-08, Vol.21 (4), p.194-208
Main Authors: Fu Lu, Liang, Wan Zhang, Jia, Lin Huang, Mao, Fu, Lei
Format: Article
Language:English
Subjects:
Concentric-circle coordinate
Crossing reduction
Multi-dimensional data visualization
Network intrusion detection
Network visualization
Polycurve
Security visualization
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:With the rapid growth of networked data communications in size and complexity, network administrators today are facing more challenges to protect their networked computers and devices from all kinds of attacks. This paper proposes a new concentric-circle visualization method for visualizing multi-dimensional network data. This method can be used to identify the main features of network attacks, such as DDoS attack, by displaying their recognizable visual patterns. To reduce the edge overlaps and crossings, we arrange multiple axes displayed as concentric circles rather than the traditional parallel lines. In our method, we use polycurves to link values (vertexes) rather than polylines used in parallel coordinate approach. Some heuristics are applied in our new method in order to improve the readability of views. We discuss the advantages as well as the limitations of our new method. In comparison with the parallel coordinate visualization, our approach can reduce more than 15% of the edge overlaps and crossings. In the second stage of the method, we have further enhanced the readability of views by increasing the edge crossing angle. Finally, we introduce our prototype system: a visual interactive network scan detection system called CCScanViewer. It is based on our new visualization approach and the experiments have showed that the new approach is effective in detecting attack features from a variety of networking patterns, such as the features of network scans and DDoS attacks. ► A novel geometric coordinate for multi-dimensional visualization is proposed that can reduce the edge crossings in comparison with other traditional coordinates, such as the parallel coordinate. ► It is proved mathematically that in proposed concentric-circle coordinate the number of line crossings can be greatly reduced in comparison with the parallel coordinate. ► A new visual analytics method for detecting DDoS network attacks is proposed and implemented.
ISSN:1045-926X
1095-8533
DOI:10.1016/j.jvlc.2010.05.002