IMap: Visualizing network activity over internet maps

J. Joseph Fowler, Michael Schneider, Thienne Johnson, Carlos Acedo, Loukas Lazos, Paolo Simonetto, Stephen G Kobourov

Research output: Chapter in Book/Report/Conference proceedingConference contribution

1 Citation (Scopus)

Abstract

We propose a novel visualization, IMap, which enables the detection of security threats by visualizing a large volume of dynamic network data. In IMap, the Internet topology at the Autonomous System (AS) level is represented by a canonical map (which resembles a geographic map of the world), and aggregated IP traffic activity is superimposed in the form of heat maps (intensity overlays). Specifically, IMap groups ASes as contiguous regions based on AS attributes (geolocation, type, rank, IP prefix space) and AS relationships. The area, boundary, and relative positions of these regions in the map do not reect actual world geography, but are determined by the characteristics of the Internet's AS topology. To demonstrate the effectiveness of IMap, we showcase two case studies, a simulated DDoS attack and a real-world worm propagation attack.

Original languageEnglish (US)
Title of host publicationVizSec 2014 - Proceedings of the 11th Workshop on Visualization for Cyber Security
PublisherAssociation for Computing Machinery
Pages80-87
Number of pages8
Volume10-November-2014
ISBN (Electronic)9781450328265
DOIs
StatePublished - Nov 10 2014
Event11th Workshop on Visualization for Cyber Security, VizSec 2014 - Paris, France
Duration: Nov 10 2014 → …

Other

Other11th Workshop on Visualization for Cyber Security, VizSec 2014
CountryFrance
CityParis
Period11/10/14 → …

Fingerprint

Internet
Topology
Visualization
Hot Temperature

Keywords

  • Anomaly
  • Map
  • Network
  • Security
  • Topology visualization

ASJC Scopus subject areas

  • Human-Computer Interaction
  • Computer Networks and Communications
  • Computer Vision and Pattern Recognition
  • Software

Cite this

Fowler, J. J., Schneider, M., Johnson, T., Acedo, C., Lazos, L., Simonetto, P., & Kobourov, S. G. (2014). IMap: Visualizing network activity over internet maps. In VizSec 2014 - Proceedings of the 11th Workshop on Visualization for Cyber Security (Vol. 10-November-2014, pp. 80-87). Association for Computing Machinery. https://doi.org/10.1145/2671491.2671501

IMap : Visualizing network activity over internet maps. / Fowler, J. Joseph; Schneider, Michael; Johnson, Thienne; Acedo, Carlos; Lazos, Loukas; Simonetto, Paolo; Kobourov, Stephen G.

VizSec 2014 - Proceedings of the 11th Workshop on Visualization for Cyber Security. Vol. 10-November-2014 Association for Computing Machinery, 2014. p. 80-87.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Fowler, JJ, Schneider, M, Johnson, T, Acedo, C, Lazos, L, Simonetto, P & Kobourov, SG 2014, IMap: Visualizing network activity over internet maps. in VizSec 2014 - Proceedings of the 11th Workshop on Visualization for Cyber Security. vol. 10-November-2014, Association for Computing Machinery, pp. 80-87, 11th Workshop on Visualization for Cyber Security, VizSec 2014, Paris, France, 11/10/14. https://doi.org/10.1145/2671491.2671501
Fowler JJ, Schneider M, Johnson T, Acedo C, Lazos L, Simonetto P et al. IMap: Visualizing network activity over internet maps. In VizSec 2014 - Proceedings of the 11th Workshop on Visualization for Cyber Security. Vol. 10-November-2014. Association for Computing Machinery. 2014. p. 80-87 https://doi.org/10.1145/2671491.2671501
Fowler, J. Joseph ; Schneider, Michael ; Johnson, Thienne ; Acedo, Carlos ; Lazos, Loukas ; Simonetto, Paolo ; Kobourov, Stephen G. / IMap : Visualizing network activity over internet maps. VizSec 2014 - Proceedings of the 11th Workshop on Visualization for Cyber Security. Vol. 10-November-2014 Association for Computing Machinery, 2014. pp. 80-87
@inproceedings{99b20a54286641aeaa32ebe03f84b7e1,
title = "IMap: Visualizing network activity over internet maps",
abstract = "We propose a novel visualization, IMap, which enables the detection of security threats by visualizing a large volume of dynamic network data. In IMap, the Internet topology at the Autonomous System (AS) level is represented by a canonical map (which resembles a geographic map of the world), and aggregated IP traffic activity is superimposed in the form of heat maps (intensity overlays). Specifically, IMap groups ASes as contiguous regions based on AS attributes (geolocation, type, rank, IP prefix space) and AS relationships. The area, boundary, and relative positions of these regions in the map do not reect actual world geography, but are determined by the characteristics of the Internet's AS topology. To demonstrate the effectiveness of IMap, we showcase two case studies, a simulated DDoS attack and a real-world worm propagation attack.",
keywords = "Anomaly, Map, Network, Security, Topology visualization",
author = "Fowler, {J. Joseph} and Michael Schneider and Thienne Johnson and Carlos Acedo and Loukas Lazos and Paolo Simonetto and Kobourov, {Stephen G}",
year = "2014",
month = "11",
day = "10",
doi = "10.1145/2671491.2671501",
language = "English (US)",
volume = "10-November-2014",
pages = "80--87",
booktitle = "VizSec 2014 - Proceedings of the 11th Workshop on Visualization for Cyber Security",
publisher = "Association for Computing Machinery",

}

TY - GEN

T1 - IMap

T2 - Visualizing network activity over internet maps

AU - Fowler, J. Joseph

AU - Schneider, Michael

AU - Johnson, Thienne

AU - Acedo, Carlos

AU - Lazos, Loukas

AU - Simonetto, Paolo

AU - Kobourov, Stephen G

PY - 2014/11/10

Y1 - 2014/11/10

N2 - We propose a novel visualization, IMap, which enables the detection of security threats by visualizing a large volume of dynamic network data. In IMap, the Internet topology at the Autonomous System (AS) level is represented by a canonical map (which resembles a geographic map of the world), and aggregated IP traffic activity is superimposed in the form of heat maps (intensity overlays). Specifically, IMap groups ASes as contiguous regions based on AS attributes (geolocation, type, rank, IP prefix space) and AS relationships. The area, boundary, and relative positions of these regions in the map do not reect actual world geography, but are determined by the characteristics of the Internet's AS topology. To demonstrate the effectiveness of IMap, we showcase two case studies, a simulated DDoS attack and a real-world worm propagation attack.

AB - We propose a novel visualization, IMap, which enables the detection of security threats by visualizing a large volume of dynamic network data. In IMap, the Internet topology at the Autonomous System (AS) level is represented by a canonical map (which resembles a geographic map of the world), and aggregated IP traffic activity is superimposed in the form of heat maps (intensity overlays). Specifically, IMap groups ASes as contiguous regions based on AS attributes (geolocation, type, rank, IP prefix space) and AS relationships. The area, boundary, and relative positions of these regions in the map do not reect actual world geography, but are determined by the characteristics of the Internet's AS topology. To demonstrate the effectiveness of IMap, we showcase two case studies, a simulated DDoS attack and a real-world worm propagation attack.

KW - Anomaly

KW - Map

KW - Network

KW - Security

KW - Topology visualization

UR - http://www.scopus.com/inward/record.url?scp=84982830384&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84982830384&partnerID=8YFLogxK

U2 - 10.1145/2671491.2671501

DO - 10.1145/2671491.2671501

M3 - Conference contribution

AN - SCOPUS:84982830384

VL - 10-November-2014

SP - 80

EP - 87

BT - VizSec 2014 - Proceedings of the 11th Workshop on Visualization for Cyber Security

PB - Association for Computing Machinery

ER -