Glanfield et al. [4] have presented a tool called OverFlow, where flow
relationships are represented by concentric circles following flow hierarchies.
PeekKernelFlows respects flow hierarchies by using Aguri, but we focus more on
the differences between flows over time. A first version of the theoretical
analysis of PeekKernelFlows is presented in [12], where a game-theory driven
model has been used to assess the performance of the framework. Furthermore,
[12] describes different attack strategies and defense measures, for example
the manipulation of traffic load or hidden attacks. Nevertheless, a detailed
and complete overview of this framework has not been described yet.
5 Conclusion
In this paper, a framework called PeekKernelFlows for the evaluation of
spatially and temporally aggregated Netflow records has been presented.
PeekKernelFlows uses a kernel function that maps Aguri trees onto a similarity
score that is further mapped onto the RGB color space in on/off-line mode.
Furthermore, the visualization technique has an easily understandable outcome
representation. A limitation of PeekKernelFlows is that, by generating too
much noise, an attacker can no longer be detected. To improve PeekKernelFlows,
a new method for the spatial aggregation of Netflow records is planned in
future work, and the human-machine interaction will be increased by
implementing additional features like zoom or decisional features.
Acknowledgments
This project is supported by the FNR Luxembourg and we address special thanks
to RESTENA Luxembourg for their support.
References
1. Cifarelli, C., Nieddu, L., Seref, O., Pardalos, P.M.: K.-T.R.A.C.E.: A kernel k-means procedure for classification. Computers and Operations Research 34(10), 3154-3161 (2007)
2. Cho, K., Kaizaki, R., Kato, A.: Aguri: An aggregation-based traffic profiler. In: Smirnov, M., Crowcroft, J., Roberts, J., Boavida, F. (eds.) QofIS 2001. LNCS, vol. 2156, pp. 222-242. Springer, Heidelberg (2001)
3. Cowlishaw, M.F.: Fundamental Requirements for Picture Presentation. Proceedings of the Society for Picture Presentation 26(2), 101-107 (1985)
4. Glanfield, J., Brooks, S., Taylor, T., Paterson, D., Smith, C., Gates, C., McHugh, J.: OverFlow: An Overview Visualization for Network Analysis. In: 6th International Workshop on Visualization for Cyber Security, Atlantic City, NJ (2009)
5. Goodall, J.R., Tesone, D.R.: Visual Analytics for Network Flow Analysis. In: Conference for Homeland Security, Cybersecurity Applications & Technology, pp. 199-204. IEEE, Los Alamitos (2009)
 