Contextual network navigation to provide situational awareness for network administrators
Research output: Contribution to conference › Paper › peer-review
Standard Standard
2015. Paper presented at Visualization for Cyber Security (VizSec), 2015 IEEE Symposium on, Chicago, United States.
Research output: Contribution to conference › Paper › peer-review
HarvardHarvard
APA
CBE
MLA
VancouverVancouver
Author
RIS
TY - CONF
T1 - Contextual network navigation to provide situational awareness for network administrators
AU - Gray, Cameron
AU - Ritsos, Panagiotis D.
AU - Roberts, Jonathan C.
PY - 2015/11/2
Y1 - 2015/11/2
N2 - One of the goals of network administrators is to identify and block sources of attacks from a network steam. Various tools have been developed to help the administrator identify the IP or subnet to be blocked, however these tend to be non-visual. Having a good perception of the wider network can aid the administrator identify their origin, but while network maps of the Internet can be useful for such endeavors, they are difficult to construct, comprehend and even utilize in an attack, and are often referred to as being “hairballs”. We present a visualization technique that displays pathways back to the attacker; we include all potential routing paths with a best-efforts identification of the commercial relationships involved. These two techniques can potentially highlight common pathways and/or networks to allow faster, more complete resolution to the incident, as well as fragile or incomplete routing pathways to/from a network. They can help administrators re-profile their choice of IP transit suppliers to better serve a target audience.
AB - One of the goals of network administrators is to identify and block sources of attacks from a network steam. Various tools have been developed to help the administrator identify the IP or subnet to be blocked, however these tend to be non-visual. Having a good perception of the wider network can aid the administrator identify their origin, but while network maps of the Internet can be useful for such endeavors, they are difficult to construct, comprehend and even utilize in an attack, and are often referred to as being “hairballs”. We present a visualization technique that displays pathways back to the attacker; we include all potential routing paths with a best-efforts identification of the commercial relationships involved. These two techniques can potentially highlight common pathways and/or networks to allow faster, more complete resolution to the incident, as well as fragile or incomplete routing pathways to/from a network. They can help administrators re-profile their choice of IP transit suppliers to better serve a target audience.
U2 - 10.1109/VIZSEC.2015.7312769
DO - 10.1109/VIZSEC.2015.7312769
M3 - Paper
T2 - Visualization for Cyber Security (VizSec), 2015 IEEE Symposium on
Y2 - 25 October 2015 through 25 October 2015
ER -