PCAV: Internet Attack Visualization on Parallel Coordinates

This paper presents PCAV (Parallel Coordinates Attack Visualizer), a real-time visualization system for detecting large-scale Internet attacks including Internet worms, DDoS attacks and network scanning activities. PCAV displays network traffic on the plane of parallel coordinates using the source IP address, destination IP address, destination port and the average packet length in a flow. These four values are used to draw each flow as a connected line on the plane and surprisingly a group of lines forms a particular shape in case of attack. Thus, a simple but novel way of displaying traffic reveals ongoing attacks. From the fact that numerous types of attacks form a specific pattern of graphs, we have developed nine signatures and their detection mechanism using an efficient hashing algorithm. Using the graphical signatures, PCAV can quickly detect new attacks and enables network administrators to instantly recognize and respond to the attacks. Another strength of PCAV comes fr...
Hyunsang Choi, Heejo Lee
Added 27 Jun 2010
Updated 27 Jun 2010
Type Conference
Year 2005