As network attacks increase in complexity, network administrators will continue to struggle with analyzing security data immediately and efficiently. To alleviate these challenges, researchers are looking into various visualization techniques (e.g., two-dimensional (2D) and three-dimensional (3D)) to detect, identify, and analyze malicious attacks. This paper discusses the benefits of using stereoscopic 3D parallel visualization techniques for network scanning, in particular, when addressing occlusion-based visualization attacks intended to confuse network administrators. To our knowledge, no 2D or 3D tool exists that analyzes these attacks. Hence, we propose a novel 3D Parallel coordinate visualization tool for advanced network scans and attacks called P3D. P3D uses flow data, filtering techniques, and state-of-the-art 3D technologies to help network administrators detect distributed and coordinated network scans. Compared to other 2D and 3D network security visualization tools, P3D prevents occlusion-based visualization attacks (e.g., Windshield Wiper and Port Source Confusion attacks). We validate our tool with use-cases from emulated distributed scanning attacks. Our evaluation shows P3D allows users to extract new information about scans and minimize information overload by adding an extra dimension and awareness region in the visualization.
As the volume of network data continues to increase and networks become more complex, the ability to accurately manage and analyze data quickly becomes a difficult problem. Many network management tools already use two-dimensional (2D) and three-dimensional (3D) visualization techniques to help support decision-making and reasoning about network anomalies and activity. However, a poor user interface combined with the massive amount of data could obfuscate important network details. As a result, administrators may fail to detect and identify malicious network behavior in a timely manner. 3D visualizations address this challenge by introducing monocular and binocular visual cues to portray depth and to increase the perceived viewing area. In this work, we explore these cues for 3D network security applications, with a particular emphasis on binocular disparity or stereoscopic 3D. Currently, no network security tool takes advantage of the enhanced depth perception provided by stereoscopic 3D technologies for vulnerability assessment. Compared to traditional 3D systems, stereoscopic 3D helps improve the perception of depth, which can, in turn, reduce the number of errors and increase response times of network administrators. Thus, we introduce a stereoscopic 3D visual Framework for Rendering Enhanced 3D Stereoscopic Visualizations for Network Security (FRE3DS). Our novel framework uses state-of-the-art 3D graphics rendering to assist in 3D visualizations for network security applications. Moreover, utilizing our framework, we propose a new 3D Stereoscopic Vulnerability Assessment Tool (3DSVAT). We illustrate the use of 3DSVAT to assist in rapid detection and correlation of attack vulnerabilities in a subset of a modified local area network data set using the enhanced perception of depth in a stereoscopic 3D environment.