Visualizing network security events using compound glyphs from a service-oriented perspective

Abstract

Network security is the complicated field of controlling access within a computer network. One of the difficulties in network security is detecting the presence, severity, and type of a network attack. Knowledge of such an attack is used to mitigate its damage and prevent such attacks from occurring in the future. We present a new visualization of a computer network for security purposes by approaching the problem from a service-oriented perspective. This approach involves a node graph visualization where each node is represented as a compound glyph, which gives details about the network activity for the specific node based upon its service usage. Furthermore, we visualize temporal activity using time slicing techniques in the compound glyph to give more details about the network and allow interactive controls for an administrator to actively monitor a network in order to react to security events quickly. Our resulting visualizations of networks successfully identified and described denial of service (DoS) and compromised network attacks. © 2008 Springer-Verlag Berlin Heidelberg.