Large-Scale Network Monitoring for Visual Analysis of Attacks


Ontology type: schema:Chapter      Open Access: True


Chapter Info

DATE

2008-01-01

AUTHORS

Fabian Fischer , Florian Mansmann , Daniel A. Keim , Stephan Pietzko , Marcel Waldvogel

ABSTRACT

The importance of the Internet and our dependency on computer networks are steadily growing, which results in high costs and substantial consequences in case of successful intrusions, stolen data, and interrupted services. At the same time, a trend towards massive attacks against the network infrastructure is noticeable. Therefore, monitoring large networks has become an important field in practice and research. Through monitoring systems, attacks can be detected and analyzed to gain knowledge of how to better protect the network in the future. In the scope of this paper, we present a system to analyze NetFlow data using a relational database system. NetFlow records are linked with alerts from an intrusion detection system to enable efficient exploration of suspicious activity within the monitored network. Within the system, the monitored network is mapped to a TreeMap visualization, the attackers are arranged at the borders and linked using splines parameterized with prefix information. In a series of case studies, we demonstrate how the tool can be used to judge the relevance of alerts, to reveal massive distributed attacks, and to analyze service usage within a network.

PAGES

111-118

Identifiers

URI

http://scigraph.springernature.com/pub.10.1007/978-3-540-85933-8_11

DOI

http://dx.doi.org/10.1007/978-3-540-85933-8_11

DIMENSIONS

https://app.dimensions.ai/details/publication/pub.1015240124



JSON-LD is the canonical representation for SciGraph data.


[
  {
    "@context": "https://springernature.github.io/scigraph/jsonld/sgcontext.json", 
    "about": [
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/08", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Information and Computing Sciences", 
        "type": "DefinedTerm"
      }, 
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/10", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Technology", 
        "type": "DefinedTerm"
      }, 
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/0801", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Artificial Intelligence and Image Processing", 
        "type": "DefinedTerm"
      }, 
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/0806", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Information Systems", 
        "type": "DefinedTerm"
      }, 
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/1005", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Communications Technologies", 
        "type": "DefinedTerm"
      }
    ], 
    "author": [
      {
        "affiliation": {
          "alternateName": "Computer and Information Science, University of Konstanz, 78457, Konstanz, Germany", 
          "id": "http://www.grid.ac/institutes/grid.9811.1", 
          "name": [
            "Computer and Information Science, University of Konstanz, 78457, Konstanz, Germany"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Fischer", 
        "givenName": "Fabian", 
        "id": "sg:person.010123370725.91", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.010123370725.91"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "Computer and Information Science, University of Konstanz, 78457, Konstanz, Germany", 
          "id": "http://www.grid.ac/institutes/grid.9811.1", 
          "name": [
            "Computer and Information Science, University of Konstanz, 78457, Konstanz, Germany"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Mansmann", 
        "givenName": "Florian", 
        "id": "sg:person.0646626305.02", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.0646626305.02"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "Computer and Information Science, University of Konstanz, 78457, Konstanz, Germany", 
          "id": "http://www.grid.ac/institutes/grid.9811.1", 
          "name": [
            "Computer and Information Science, University of Konstanz, 78457, Konstanz, Germany"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Keim", 
        "givenName": "Daniel A.", 
        "id": "sg:person.0635776571.01", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.0635776571.01"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "Computer and Information Science, University of Konstanz, 78457, Konstanz, Germany", 
          "id": "http://www.grid.ac/institutes/grid.9811.1", 
          "name": [
            "Computer and Information Science, University of Konstanz, 78457, Konstanz, Germany"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Pietzko", 
        "givenName": "Stephan", 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "Computer and Information Science, University of Konstanz, 78457, Konstanz, Germany", 
          "id": "http://www.grid.ac/institutes/grid.9811.1", 
          "name": [
            "Computer and Information Science, University of Konstanz, 78457, Konstanz, Germany"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Waldvogel", 
        "givenName": "Marcel", 
        "id": "sg:person.015025710266.10", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.015025710266.10"
        ], 
        "type": "Person"
      }
    ], 
    "datePublished": "2008-01-01", 
    "datePublishedReg": "2008-01-01", 
    "description": "The importance of the Internet and our dependency on computer networks are steadily growing, which results in high costs and substantial consequences in case of successful intrusions, stolen data, and interrupted services. At the same time, a trend towards massive attacks against the network infrastructure is noticeable. Therefore, monitoring large networks has become an important field in practice and research. Through monitoring systems, attacks can be detected and analyzed to gain knowledge of how to better protect the network in the future. In the scope of this paper, we present a system to analyze NetFlow data using a relational database system. NetFlow records are linked with alerts from an intrusion detection system to enable efficient exploration of suspicious activity within the monitored network. Within the system, the monitored network is mapped to a TreeMap visualization, the attackers are arranged at the borders and linked using splines parameterized with prefix information. In a series of case studies, we demonstrate how the tool can be used to judge the relevance of alerts, to reveal massive distributed attacks, and to analyze service usage within a network.", 
    "editor": [
      {
        "familyName": "Goodall", 
        "givenName": "John R.", 
        "type": "Person"
      }, 
      {
        "familyName": "Conti", 
        "givenName": "Gregory", 
        "type": "Person"
      }, 
      {
        "familyName": "Ma", 
        "givenName": "Kwan-Liu", 
        "type": "Person"
      }
    ], 
    "genre": "chapter", 
    "id": "sg:pub.10.1007/978-3-540-85933-8_11", 
    "isAccessibleForFree": true, 
    "isPartOf": {
      "isbn": [
        "978-3-540-85931-4", 
        "978-3-540-85933-8"
      ], 
      "name": "Visualization for Computer Security", 
      "type": "Book"
    }, 
    "keywords": [
      "monitored network", 
      "large-scale network monitoring", 
      "intrusion detection system", 
      "relational database systems", 
      "treemap visualization", 
      "NetFlow data", 
      "suspicious activities", 
      "database systems", 
      "computer networks", 
      "network infrastructure", 
      "NetFlow records", 
      "network monitoring", 
      "successful intrusion", 
      "prefix information", 
      "large networks", 
      "detection system", 
      "efficient exploration", 
      "massive attacks", 
      "network", 
      "service usage", 
      "visual analysis", 
      "attacks", 
      "important field", 
      "alerts", 
      "attacker", 
      "Internet", 
      "case study", 
      "system", 
      "same time", 
      "infrastructure", 
      "high cost", 
      "visualization", 
      "services", 
      "usage", 
      "information", 
      "tool", 
      "data", 
      "cost", 
      "dependency", 
      "exploration", 
      "monitoring", 
      "splines", 
      "knowledge", 
      "scope", 
      "intrusion", 
      "research", 
      "time", 
      "field", 
      "future", 
      "records", 
      "trends", 
      "practice", 
      "relevance", 
      "analysis", 
      "importance", 
      "cases", 
      "series", 
      "border", 
      "consequences", 
      "study", 
      "substantial consequences", 
      "activity", 
      "paper"
    ], 
    "name": "Large-Scale Network Monitoring for Visual Analysis of Attacks", 
    "pagination": "111-118", 
    "productId": [
      {
        "name": "dimensions_id", 
        "type": "PropertyValue", 
        "value": [
          "pub.1015240124"
        ]
      }, 
      {
        "name": "doi", 
        "type": "PropertyValue", 
        "value": [
          "10.1007/978-3-540-85933-8_11"
        ]
      }
    ], 
    "publisher": {
      "name": "Springer Nature", 
      "type": "Organisation"
    }, 
    "sameAs": [
      "https://doi.org/10.1007/978-3-540-85933-8_11", 
      "https://app.dimensions.ai/details/publication/pub.1015240124"
    ], 
    "sdDataset": "chapters", 
    "sdDatePublished": "2022-09-02T16:14", 
    "sdLicense": "https://scigraph.springernature.com/explorer/license/", 
    "sdPublisher": {
      "name": "Springer Nature - SN SciGraph project", 
      "type": "Organization"
    }, 
    "sdSource": "s3://com-springernature-scigraph/baseset/20220902/entities/gbq_results/chapter/chapter_252.jsonl", 
    "type": "Chapter", 
    "url": "https://doi.org/10.1007/978-3-540-85933-8_11"
  }
]
 


HOW TO GET THIS DATA PROGRAMMATICALLY:

JSON-LD is a popular format for linked data which is fully compatible with JSON.

curl -H 'Accept: application/ld+json' 'https://scigraph.springernature.com/pub.10.1007/978-3-540-85933-8_11'

N-Triples is a line-based linked data format ideal for batch operations.

curl -H 'Accept: application/n-triples' 'https://scigraph.springernature.com/pub.10.1007/978-3-540-85933-8_11'

Turtle is a human-readable linked data format.

curl -H 'Accept: text/turtle' 'https://scigraph.springernature.com/pub.10.1007/978-3-540-85933-8_11'

RDF/XML is a standard XML format for linked data.

curl -H 'Accept: application/rdf+xml' 'https://scigraph.springernature.com/pub.10.1007/978-3-540-85933-8_11'


 

All metadata directly associated with this object is also available as RDF triples: 171 triples, 22 predicates, 90 URIs, 80 literals, 7 blank nodes.
