Personal machines are often the weakest points within a large network. Although they run an ever-increasing number of network services, these machines are often controlled by users who are unaware of security threats. Thus, a well-informed attacker can, with modest effort, identify and gain control over personal machines. However, system administrators need to know the tools and techniques used for attacks while simultaneously needing to invest huge analytical efforts to detect malicious behavior in the vast volumes of network traffic. In our research project we investigate the idea that an understanding of the regular behavior of personal machines can improve the chance of detecting the point in time when a machine shows malicious behavior. We propose a visual exploration system based on a data abstraction layer and temporal visual representations of the network traffic. The data abstraction layer enables an interactive change in the level of detail of the network traffic while temporal visualizations help system administrators to detect unexpected network traffic. In the next phase of this project, we will conduct experiments to get a good feel about the limits of our system in detecting
Interactive Exploration of the Network Behavior of Personal Machines (Extended Abstract)