A Visualization Technique for Monitoring of Network Flow Data

Research and development of IDS (intrusion Detection System) is a hot topic for the purpose of security maintenance of computer network. We have already presented a technique for visualizing logs of IDS. However, the present IDS products detect only known suspicious accesses, and therefore we need an extended visualization technique if we would like to visualize the statistics of malicious accesses unknown by IDS products. This report proposes a technique for visualizing statistics of suspicious accesses, including the accesses not detected as intrusions by IDS products. The technique first constructs hierarchy of computers according to their IP addresses, and represents the groups of computers by the information visualization technique ”HeiankyoView”. Simultaneously, it reads the special network flow log files, which records information of buffer overflows, shellcodes, and intrusions detected by IDS products. Finally, it represents the statistics of the suspicious accesses recorded in the logs. Against our previous technique visualized only intrusions recorded to logs of IDS products, the presented technique enables discovery of more various malicious attacks.