P3D: A Parallel 3D Coordinate System for Advanced Network Scans (Sept. 2012)

Summary of this research:

Abstract—As network attacks increase in complexity, network administrators will continue to struggle with analyzing security data immediately and efficiently. To alleviate these challenges, researchers are looking into various visualization techniques (e.g., two-dimensional (2D) and three-dimensional (3D)) to detect, identify, and analyze malicious attacks. This paper discusses the enhancements of using a stereoscopic 3D parallel visualization technique for network scanning, in particular for occlusion attacks meant to confuse network administrators. To our current knowledge, no 3D tool exists that analyzes these attacks. Hence, we propose a novel 3D parallel coordinate stereoscopic visualization tool called P3D: Parallel 3D coordinate system for advanced network scans and attacks. This tool uses flow data and filtering techniques to help network administrators detect distributed and coordinated network scans. Compared to other 2D and 3D network security visualization tools, P3D can identify the different network scanning methods used and increase unique searchability of more data. We validate our tool with use cases from simulated distributed scanning techniques. Our results show that P3D allows users to extract new information about scans and prevent information overload and occlusions by adding an extra dimension to the visualization.

Index Terms—Stereoscopic 3D, Security Visualization, Parallel Coordinate

