Title: NetFlowMatrix: a visual approach for analysing large NetFlow data

Authors: Yingjie Chen; Baijian Yang; Weijie Wang

Addresses: Department of Computer Graphics Technology, Purdue University, West Lafayette, Indiana ' Department of Computer and Information Technology, Purdue University, West Lafayette, Indiana ' Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Abstract: NetFlowMatrix is a visual analytics system design that adopts small multiple charts to help analysts monitor NetFlow data of a computer network. This design provides an overview and drill-down interactions that allow analysts to see and analyse traffic data from a computer network of thousands of computers and millions of flow records. Various network activities generate NetFlow records with different characteristics. We grouped network flow information into a matrix of cells to display aggregate flows based on payload size and flow duration. The aggregate overview method is scalable that allows the design to support much larger computer networks. To visually distinguish extreme low and high quantity of flows, we use colour shades to distinguish different scales of cells. Utilising this innovative overview design, professionals can easily identify patterns and instances, obvious or subtle, from a large number of network flows.

Keywords: network security situation awareness; network monitoring; network traffic analysis; visual analytics; intrusion detection; port scan; DDOS; distributed denial of service; server redirection; subtle cyber attacks.

DOI: 10.1504/IJSN.2017.088115

International Journal of Security and Networks, 2017 Vol.12 No.4, pp.215 - 229

Available online: 22 Nov 2017 *

Full-text access for editors Access for subscribers Purchase this article Comment on this article