SpiralView a visual tool to improve monitoring and understanding of security data in corporate networks

spiralview - unifr.ch · •An IDS (Intrusion Detection System) analyzes traffic and generates alarms when suspicious behaviours are detected •The administrator uses alarms as a


Page 1

SpiralView

a visual tool to improve monitoring and understanding of security data in corporate networks

Page 2

Network Security & IDS

• Private networks need to keep their data safe and their activities functional

• Traffic between nodes is monitored to detect dangerous behaviours and devise proper solutions

• An IDS (Intrusion Detection System) analyzes traffic and generates alarms when suspicious behaviours are detected

• The administrator uses alarms as a starting point to see whether some actions are required

Page 3

Network Security and Visualization

• Visualization is the perfect choice for network security:
  – Large data can be spotted at a glance
  – Interaction enables exploration and thus understanding

• Two approaches exist in network security:
  – Visualizing traffic (with or without topology)
  – Visualizing alarms

Page 4

Visualization and IDS

• Good mix of data mining + visualization

• Visualization helps in:
  1. Managing a large number of alarms
  2. Putting alarms in context (time, network resources)
  3. Keeping track of alarms' evolution

• Current systems permit only the first two; SpiralView allows the third as well

Page 5

SpiralView Features

• Enables the analysis of alarms over long periods of time (weeks, months)
  – from day-to-day monitoring to a long-term perspective

• Better understanding of how alarms distribute over network resources through simple interactive tools

• Uses higher-level data information (applications and users), thus making the analysis accessible to less technical people

Page 6

SpiralView Design

Page 7

Alarms View

Page 8

Zoom in the Alarms View

Page 9

Resources Visualization

Page 10

Data Exploration and Understanding (1): finding the causes for spikes

1. Isolate applicative alarms

2. See how they distribute over network resources (e.g., most of them are spyware)

3. Select the spikes to see how they map on the user/application view

4. Most spikes are generated by user 17 and application save.exe

Page 11

Data Exploration and Understanding (2): exploring scan&prop alarms

1. Isolate scan&prop alarms

2. They started to appear quite late in the network (outer rings) and they tend to be clustered between 4 o'clock and 16 o'clock

3. The user/application view shows that the application scanner.exe and a group of users generate the large majority of them
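The two walkthroughs on pages 10 and 11 rely on the same mechanics: place each alarm on a spiral (one ring per day, angle = hour of day), select the cells where alarms pile up, and attribute those cells to a user/application pair. The Python below is an added example, not code from the SpiralView project; it assumes alarms arrive as (timestamp, category, user, application) tuples and works on a small constructed alarm list.

```python
"""Added example: time-spiral placement and spike attribution for IDS alarms."""
from collections import Counter
from datetime import datetime
import math

START = datetime(2024, 3, 1)  # assumed first day of the monitoring period (ring 0)

# Constructed sample alarms (not real IDS output): timestamp, category, user, application.
ALARMS = [
    ("2024-03-01 09:00", "applicative", "user 17", "save.exe"),
    ("2024-03-01 09:20", "applicative", "user 17", "save.exe"),
    ("2024-03-01 09:40", "applicative", "user 2", "mail.exe"),
    ("2024-03-02 14:05", "applicative", "user 17", "save.exe"),
    ("2024-03-02 14:30", "applicative", "user 17", "save.exe"),
    ("2024-03-02 14:50", "applicative", "user 17", "save.exe"),
    ("2024-03-03 22:00", "applicative", "user 5", "save.exe"),
    ("2024-03-04 05:00", "scan&prop", "user 8", "scanner.exe"),
    ("2024-03-04 05:15", "scan&prop", "user 9", "scanner.exe"),
    ("2024-03-05 15:30", "scan&prop", "user 8", "scanner.exe"),
]

def parse(alarms):
    return [(datetime.strptime(ts, "%Y-%m-%d %H:%M"), cat, u, a) for ts, cat, u, a in alarms]

def spiral_coords(ts, ring_width=1.0):
    """Polar position of one alarm: radius grows with the day index (later days
    are outer rings), angle is the hour of day, so 12:00 always sits at pi."""
    frac = (ts.hour + ts.minute / 60) / 24          # fraction of the day elapsed
    day = (ts.date() - START.date()).days
    return ring_width * (day + frac), 2 * math.pi * frac

def hourly_counts(alarms, category):
    """Alarms of one category per (day, hour) cell of the spiral (step 1: isolate)."""
    return Counter((ts.date(), ts.hour) for ts, cat, _, _ in alarms if cat == category)

def spikes(counts, threshold):
    """Cells whose count reaches the threshold: the spikes an analyst would select."""
    return {cell for cell, n in counts.items() if n >= threshold}

def top_contributor(alarms, category, cells):
    """(user, application) pair generating most alarms inside the selected cells."""
    pairs = Counter((u, a) for ts, cat, u, a in alarms
                    if cat == category and (ts.date(), ts.hour) in cells)
    return pairs.most_common(1)[0] if pairs else None

def day_hour_range(alarms, category):
    """Ring (day index) span and clock-hour span of a category, e.g. 'late, 4-16 o'clock'."""
    sel = [ts for ts, cat, _, _ in alarms if cat == category]
    days = [(ts.date() - START.date()).days for ts in sel]
    return (min(days), max(days)), (min(t.hour for t in sel), max(t.hour for t in sel))
```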