Visualization of Host Behavior for Network Security


Ontology type: schema:Chapter      Open Access: True


Chapter Info

DATE

2008-01-01

AUTHORS

F. Mansman, L. Meier, D. A. Keim

ABSTRACT

Monitoring host behavior in a network is one of the most essential tasks in the fields of network monitoring and security since more and more malicious code in the wild internet constantly threatens the network infrastructure. In this paper, we present a visual analytics tool that visualizes network host behavior through positional changes in a two-dimensional space using a force-directed graph layout algorithm. The tool’s interaction capabilities allow for visual exploration of network traffic over time and are demonstrated using netflow data as well as IDS alerts. Automatic accentuation of hosts with highly variable traffic results in fast hypothesis generation and confirmation of suspicious host behavior. By triggering the behavior graph from the HNMap tool, we were able to monitor more abstract network entities.

PAGES

187-202

Identifiers

URI

http://scigraph.springernature.com/pub.10.1007/978-3-540-78243-8_13

DOI

http://dx.doi.org/10.1007/978-3-540-78243-8_13

DIMENSIONS

https://app.dimensions.ai/details/publication/pub.1037247328



JSON-LD is the canonical representation for SciGraph data.


[
  {
    "@context": "https://springernature.github.io/scigraph/jsonld/sgcontext.json", 
    "about": [
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/08", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Information and Computing Sciences", 
        "type": "DefinedTerm"
      }, 
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/10", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Technology", 
        "type": "DefinedTerm"
      }, 
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/0801", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Artificial Intelligence and Image Processing", 
        "type": "DefinedTerm"
      }, 
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/0806", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Information Systems", 
        "type": "DefinedTerm"
      }, 
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/1005", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Communications Technologies", 
        "type": "DefinedTerm"
      }
    ], 
    "author": [
      {
        "affiliation": {
          "alternateName": "University of Konstanz, Germany", 
          "id": "http://www.grid.ac/institutes/grid.9811.1", 
          "name": [
            "University of Konstanz, Germany"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Mansman", 
        "givenName": "F.", 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "University of Konstanz, Germany", 
          "id": "http://www.grid.ac/institutes/grid.9811.1", 
          "name": [
            "University of Konstanz, Germany"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Meier", 
        "givenName": "L.", 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "University of Konstanz, Germany", 
          "id": "http://www.grid.ac/institutes/grid.9811.1", 
          "name": [
            "University of Konstanz, Germany"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Keim", 
        "givenName": "D. A.", 
        "id": "sg:person.0635776571.01", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.0635776571.01"
        ], 
        "type": "Person"
      }
    ], 
    "datePublished": "2008-01-01", 
    "datePublishedReg": "2008-01-01", 
    "description": "Monitoring host behavior in a network is one of the most essential tasks in the fields of network monitoring and security since more and more malicious code in the wild internet constantly threatens the network infrastructure. In this paper, we present a visual analytics tool that visualizes network host behavior through positional changes in a two-dimensional space using a force-directed graph layout algorithm.The tool\u2019s interaction capabilities allow for visual exploration of network traffic over time and are demonstrated using netflow data as well as IDS alerts. Automatic accentuation of hosts with highly variable traffic results in fast hypothesis generation and confirmation of suspicious host behavior. By triggering the behavior graph from the HNMap tool, we were able to monitor more abstract network entities.", 
    "editor": [
      {
        "familyName": "Goodall", 
        "givenName": "John R.", 
        "type": "Person"
      }, 
      {
        "familyName": "Conti", 
        "givenName": "Gregory", 
        "type": "Person"
      }, 
      {
        "familyName": "Ma", 
        "givenName": "Kwan-Liu", 
        "type": "Person"
      }
    ], 
    "genre": "chapter", 
    "id": "sg:pub.10.1007/978-3-540-78243-8_13", 
    "isAccessibleForFree": true, 
    "isPartOf": {
      "isbn": [
        "978-3-540-78242-1", 
        "978-3-540-78243-8"
      ], 
      "name": "VizSEC 2007", 
      "type": "Book"
    }, 
    "keywords": [
      "interaction capabilities", 
      "force-directed graph layout algorithms", 
      "visual analytics tool", 
      "graph layout algorithms", 
      "malicious code", 
      "network security", 
      "IDS alerts", 
      "NetFlow data", 
      "network entities", 
      "network infrastructure", 
      "network traffic", 
      "network monitoring", 
      "wild Internet", 
      "behavior graph", 
      "layout algorithm", 
      "visual exploration", 
      "essential task", 
      "analytic tools", 
      "traffic results", 
      "hypothesis generation", 
      "security", 
      "two-dimensional space", 
      "Internet", 
      "algorithm", 
      "traffic", 
      "tool", 
      "network", 
      "infrastructure", 
      "graph", 
      "task", 
      "alerts", 
      "visualization", 
      "code", 
      "capability", 
      "host behaviour", 
      "entities", 
      "space", 
      "exploration", 
      "monitoring", 
      "data", 
      "generation", 
      "behavior", 
      "time", 
      "field", 
      "results", 
      "host", 
      "changes", 
      "positional changes", 
      "accentuation", 
      "confirmation", 
      "paper"
    ], 
    "name": "Visualization of Host Behavior for Network Security", 
    "pagination": "187-202", 
    "productId": [
      {
        "name": "dimensions_id", 
        "type": "PropertyValue", 
        "value": [
          "pub.1037247328"
        ]
      }, 
      {
        "name": "doi", 
        "type": "PropertyValue", 
        "value": [
          "10.1007/978-3-540-78243-8_13"
        ]
      }
    ], 
    "publisher": {
      "name": "Springer Nature", 
      "type": "Organisation"
    }, 
    "sameAs": [
      "https://doi.org/10.1007/978-3-540-78243-8_13", 
      "https://app.dimensions.ai/details/publication/pub.1037247328"
    ], 
    "sdDataset": "chapters", 
    "sdDatePublished": "2022-10-01T06:59", 
    "sdLicense": "https://scigraph.springernature.com/explorer/license/", 
    "sdPublisher": {
      "name": "Springer Nature - SN SciGraph project", 
      "type": "Organization"
    }, 
    "sdSource": "s3://com-springernature-scigraph/baseset/20221001/entities/gbq_results/chapter/chapter_456.jsonl", 
    "type": "Chapter", 
    "url": "https://doi.org/10.1007/978-3-540-78243-8_13"
  }
]
 


HOW TO GET THIS DATA PROGRAMMATICALLY:

JSON-LD is a popular format for linked data which is fully compatible with JSON.

curl -H 'Accept: application/ld+json' 'https://scigraph.springernature.com/pub.10.1007/978-3-540-78243-8_13'

N-Triples is a line-based linked data format ideal for batch operations.

curl -H 'Accept: application/n-triples' 'https://scigraph.springernature.com/pub.10.1007/978-3-540-78243-8_13'

Turtle is a human-readable linked data format.

curl -H 'Accept: text/turtle' 'https://scigraph.springernature.com/pub.10.1007/978-3-540-78243-8_13'

RDF/XML is a standard XML format for linked data.

curl -H 'Accept: application/rdf+xml' 'https://scigraph.springernature.com/pub.10.1007/978-3-540-78243-8_13'


 

This table displays all metadata directly associated to this object as RDF triples.

144 TRIPLES      22 PREDICATES      78 URIs      68 LITERALS      7 BLANK NODES

Subject Predicate Object
1 sg:pub.10.1007/978-3-540-78243-8_13 schema:about anzsrc-for:08
2 anzsrc-for:0801
3 anzsrc-for:0806
4 anzsrc-for:10
5 anzsrc-for:1005
6 schema:author N5c8fecc70bdb4d0aa9aea7782734e689
7 schema:datePublished 2008-01-01
8 schema:datePublishedReg 2008-01-01
9 schema:description Monitoring host behavior in a network is one of the most essential tasks in the fields of network monitoring and security since more and more malicious code in the wild internet constantly threatens the network infrastructure. In this paper, we present a visual analytics tool that visualizes network host behavior through positional changes in a two-dimensional space using a force-directed graph layout algorithm.The tool’s interaction capabilities allow for visual exploration of network traffic over time and are demonstrated using netflow data as well as IDS alerts. Automatic accentuation of hosts with highly variable traffic results in fast hypothesis generation and confirmation of suspicious host behavior. By triggering the behavior graph from the HNMap tool, we were able to monitor more abstract network entities.
10 schema:editor N763d43d39a2649ceb245934b98ccd17a
11 schema:genre chapter
12 schema:isAccessibleForFree true
13 schema:isPartOf Nf8b751cff0a24a2fa424073aad854126
14 schema:keywords IDS alerts
15 Internet
16 NetFlow data
17 accentuation
18 alerts
19 algorithm
20 analytic tools
21 behavior
22 behavior graph
23 capability
24 changes
25 code
26 confirmation
27 data
28 entities
29 essential task
30 exploration
31 field
32 force-directed graph layout algorithms
33 generation
34 graph
35 graph layout algorithms
36 host
37 host behaviour
38 hypothesis generation
39 infrastructure
40 interaction capabilities
41 layout algorithm
42 malicious code
43 monitoring
44 network
45 network entities
46 network infrastructure
47 network monitoring
48 network security
49 network traffic
50 paper
51 positional changes
52 results
53 security
54 space
55 task
56 time
57 tool
58 traffic
59 traffic results
60 two-dimensional space
61 visual analytics tool
62 visual exploration
63 visualization
64 wild Internet
65 schema:name Visualization of Host Behavior for Network Security
66 schema:pagination 187-202
67 schema:productId N050c9817f4e341209becd59eb1059446
68 N5198fb3299734eac9e09830f590c3024
69 schema:publisher N782d100f714846ac829c1bd1766549c9
70 schema:sameAs https://app.dimensions.ai/details/publication/pub.1037247328
71 https://doi.org/10.1007/978-3-540-78243-8_13
72 schema:sdDatePublished 2022-10-01T06:59
73 schema:sdLicense https://scigraph.springernature.com/explorer/license/
74 schema:sdPublisher Ne361019f00ef4202aedf42e9e085380a
75 schema:url https://doi.org/10.1007/978-3-540-78243-8_13
76 sgo:license sg:explorer/license/
77 sgo:sdDataset chapters
78 rdf:type schema:Chapter
79 N050c9817f4e341209becd59eb1059446 schema:name doi
80 schema:value 10.1007/978-3-540-78243-8_13
81 rdf:type schema:PropertyValue
82 N0f9d06f04849480aaeb383501e540f74 schema:familyName Ma
83 schema:givenName Kwan-Liu
84 rdf:type schema:Person
85 N5198fb3299734eac9e09830f590c3024 schema:name dimensions_id
86 schema:value pub.1037247328
87 rdf:type schema:PropertyValue
88 N5c8fecc70bdb4d0aa9aea7782734e689 rdf:first Nb974224eb5234a14b1073efd27c95f7f
89 rdf:rest Nb38efe0d1a854d8c84394cce0614a997
90 N64b1b817bc5b4501b1456c63fcb05e82 schema:familyName Goodall
91 schema:givenName John R.
92 rdf:type schema:Person
93 N763d43d39a2649ceb245934b98ccd17a rdf:first N64b1b817bc5b4501b1456c63fcb05e82
94 rdf:rest Nb6757e020aa245fbbd3fa25a7a9885f5
95 N782d100f714846ac829c1bd1766549c9 schema:name Springer Nature
96 rdf:type schema:Organisation
97 N81371a7533df405ba8e7d6760186074c schema:affiliation grid-institutes:grid.9811.1
98 schema:familyName Meier
99 schema:givenName L.
100 rdf:type schema:Person
101 Na8936cbcd07544ea9e6b0d4f3dfb1b42 rdf:first sg:person.0635776571.01
102 rdf:rest rdf:nil
103 Nb38efe0d1a854d8c84394cce0614a997 rdf:first N81371a7533df405ba8e7d6760186074c
104 rdf:rest Na8936cbcd07544ea9e6b0d4f3dfb1b42
105 Nb6757e020aa245fbbd3fa25a7a9885f5 rdf:first Nebe6a707aff04c3f85bc5caed615e1ea
106 rdf:rest Nf18aad7d9505420faea83783fab20ea4
107 Nb974224eb5234a14b1073efd27c95f7f schema:affiliation grid-institutes:grid.9811.1
108 schema:familyName Mansman
109 schema:givenName F.
110 rdf:type schema:Person
111 Ne361019f00ef4202aedf42e9e085380a schema:name Springer Nature - SN SciGraph project
112 rdf:type schema:Organization
113 Nebe6a707aff04c3f85bc5caed615e1ea schema:familyName Conti
114 schema:givenName Gregory
115 rdf:type schema:Person
116 Nf18aad7d9505420faea83783fab20ea4 rdf:first N0f9d06f04849480aaeb383501e540f74
117 rdf:rest rdf:nil
118 Nf8b751cff0a24a2fa424073aad854126 schema:isbn 978-3-540-78242-1
119 978-3-540-78243-8
120 schema:name VizSEC 2007
121 rdf:type schema:Book
122 anzsrc-for:08 schema:inDefinedTermSet anzsrc-for:
123 schema:name Information and Computing Sciences
124 rdf:type schema:DefinedTerm
125 anzsrc-for:0801 schema:inDefinedTermSet anzsrc-for:
126 schema:name Artificial Intelligence and Image Processing
127 rdf:type schema:DefinedTerm
128 anzsrc-for:0806 schema:inDefinedTermSet anzsrc-for:
129 schema:name Information Systems
130 rdf:type schema:DefinedTerm
131 anzsrc-for:10 schema:inDefinedTermSet anzsrc-for:
132 schema:name Technology
133 rdf:type schema:DefinedTerm
134 anzsrc-for:1005 schema:inDefinedTermSet anzsrc-for:
135 schema:name Communications Technologies
136 rdf:type schema:DefinedTerm
137 sg:person.0635776571.01 schema:affiliation grid-institutes:grid.9811.1
138 schema:familyName Keim
139 schema:givenName D. A.
140 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.0635776571.01
141 rdf:type schema:Person
142 grid-institutes:grid.9811.1 schema:alternateName University of Konstanz, Germany
143 schema:name University of Konstanz, Germany
144 rdf:type schema:Organization
 



