2006 journal article

IDGraphs: Intrusion detection and analysis using stream compositing

IEEE COMPUTER GRAPHICS AND APPLICATIONS, 26(2), 28–39.

co-author countries: United States of America 🇺🇸
MeSH headings: Computer Communication Networks; Computer Graphics; Information Storage and Retrieval / methods; Signal Processing, Computer-Assisted; Software; User-Computer Interface
Source: Web Of Science
Added: August 6, 2018

IDGraphs is an interactive visualization system supporting intrusion detection over massive network traffic streams. It features a novel time-versus-failed-connections mapping that aids in discovery of attack patterns. The number of failed connections (SYN-SYN/ACK) is a strong indicator of suspicious network flows. IDGraphs offers several flow aggregation methods that help reveal different attack patterns. The system also offers high visual scalability through the use of Histographs. The IDGraphs intrusion detection system detects and analyzes a variety of attacks and anomalies, including port scanning, worm outbreaks, stealthy TCP SYN flooding, and some distributed attacks. In this article, we demonstrate IDGraphs using a single day of NetFlow network traffic traces collected at edge routers at Northwestern University, which has several OC-3 links.