Please use this identifier to cite or link to this item:
Title: Integrated Network Traffic Visualization for Threat Detection, Analysis and Reporting
Authors: Kumar, Amit
Supervisor: Singh, Maninder
Keywords: Information Security;Network Visualization;Threat Detection;INTVS;Grid View;Listmap View;Platter View;CSED
Issue Date: 29-Jul-2015
Abstract: In this speedy and voluminous digital world the threat detection and reporting is a challenging task for a revert action. This research work highlights 5 Vs (Volume, Velocity, Variety, Vulnerability, Visualization based security system) of computer networking, which are getting attention of network administrators and network security providers. First 4 Vs are posing big challenges to handle the mischievous practices over the Internet, and fifth 'V' visualization based security solution (VizSec) is a promising solution, standing against network threats and having advantage over conventional approach of log based security. This research work encourage the network security analyst to adopt a new approach i.e. VizSec, which may lead to the development of a security solution based on visualization such as visualization based firewall. This research work discusses visualization schemes given by key researchers in the domain of VizSec in detail and highlights motivation to develop a VizSec. Traditional schemes by many researches like Flodar, Wisconsin Netpy, IDS Rainstrom, IDGraphs, Rumint, NfSen and VIAssist are capable to visualize upto third layer data of OSI model and some namely NVisionIP, VISUAL, VisFlow Connect-IP, SIFT, NetViewer, PortAll, TNV, InetVis, FlowTag, Flamingo, FloVis, NAV, ScanViewer, CCScanViewer and InfoVis, are capable to give data visualization of third and fourth layer of OSI model. Visualization systems reported in literature lack in one way or other to capture packets, tokenize, parse and then visualize them in an integrated interactive manner upto Layer 7 in real-time guided and unguided media form. Based on literature review it was clear that capability needs to be researched and developed to produce interactive visualization of network traffic in a seamless manner. In this work, a novel approach integrated network traffic visualization system (INTVS) is proposed, developed and validated which can capture, tokenize, parse, detect and report the threats in visual form based on data mining. INTVS is having component based architecture that provides the flexibility to add/remove any component. INTVS demonstrates three novel schemes- Grid view, Listmap view and Platter view. The grid view can display network traffic in different classified grids, based on application layer protocols. Listmap view gives a holistic view of all detected nodes in a network, whereas Platter view based on data mining deals with the visualization of campus area network traffic on single screen while identifying and mentioning the compromised networks and machines based on defined network policy. Two - dimensional analysis of whole campus area network facility is also offered, which is unique in its presentation - a user can have a drill down analysis of network to know, which VLAN is under attack or consuming maximum network resources? which machine in a VLAN or which application layer protocol is consuming maximum bandwidth? which machine is under attack.? INTVS is validated in both online and offline mode. INTVS as framework is bundled into live distribution CD, which can work as plug and play system with little human intervention. The usage of fuzzy set theory, fault tree analysis approach and fuzzy fault tree analysis of INTVS are used for validation. A FTA of INTVS is prepared, followed by fuzzy fault tree analysis of INTVS. A fuzzy data set is used to determine the reliability of INTVS.
Description: Ph.D, CSED
Appears in Collections:Doctoral Theses@CSED

Files in This Item:
File Description SizeFormat 
3434.pdf9.61 MBAdobe PDFThumbnail

Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.