SPECTRUM-BASED AND COLLABORATIVE NETWORK TOPOLOGY ANALYSIS AND VISUALIZATION

Networks are of significant importance in many application domains, such as World Wide Web and social networks, which often embed rich topological information. Since network topology captures the organization of network nodes and links, studying net- work topology is very important to network analysis. In this dissertation, we study networks by analyzing their topology structure to explore community structure, the relationship among network members and links as well as their importance to the belonged communities. We provide new network visualization methods by studying network topology through two aspects: spectrum-based and collaborative visualiza- tion techniques. For the spectrum-based network visualization, we use eigenvalues and eigenvectors to express network topological features instead of using network datasets directly. We provide a visual analytics approach to analyze unsigned networks based on re- cent achievements on spectrum-based analysis techniques which utilize the features of node distribution and coordinates in the high dimensional spectral space. To assist the interactive exploration of network topologies, we have designed network visual- ization and interactive analysis methods allowing users to explore the global topology structure. Further, to address the question of real-life applications involving of both positive and negative relationships, we present a spectral analysis framework to study both signed and unsigned networks. Our framework concentrates on two problems of net- work analysis - what are the important spectral patterns and how to use them to study signed networks. Based on the framework, we present visual analysis methods, which guide the selection of k-dimensional spectral space and interactive exploration of network topology. With the increasing complexity and volume of dynamic networks, it is important to adopt strategies of joint decision-making through developing collaborative visualiza- tion approaches. Thus, we design and develop a collaborative detection mechanism with matrix visualization for complex intrusion detection applications. We establish a set of collaboration guidelines for team coordination with distributed visualization tools. We apply them to generate a prototype system with interactions that facilitates collaborative visual analysis. In order to evaluate the collaborative detection mechanism, a formal user study is presented. The user study monitored participants to collaborate under co-located and distributed collaboration environments to tackle the problems of intrusion detection. We have observed participants’ behaviors and collected their performances from the aspects of coordination and communication. Based on the results, we conclude several coordination strategies and summarize the values of communication for collaborative visualization. Our visualization methods have been demonstrated to be efficient topology explo- ration with both synthetic and real-life datasets in spectrum-based and collaborative exploration. We believe that our methods can provide useful information for future design and development of network topology visualization system

Neural visualization of network traffic data for intrusion detection

This study introduces and describes a novel intrusion detection system (IDS) called MOVCIDS (mobile visualization connectionist IDS). This system applies neural projection architectures to detect anomalous situations taking place in a computer network. By its advanced visualization facilities, the proposed IDS allows providing an overview of the network traffic as well as identifying anomalous situations tackled by computer networks, responding to the challenges presented by volume, dynamics and diversity of the traffic, including novel (0-day) attacks. MOVCIDS provides a novel point of view in the field of IDSs by enabling the most interesting projections (based on the fourth order statistics; the kurtosis index) of a massive traffic dataset to be extracted. These projections are then depicted through a functional and mobile visualization interface, providing visual information of the internal structure of the traffic data. The interface makes MOVCIDS accessible from any mobile device to give more accessibility to network administrators, enabling continuous visualization, monitoring and supervision of computer networks. Additionally, a novel testing technique has been developed to evaluate MOVCIDS and other IDSs employing numerical datasets. To show the performance and validate the proposed IDS, it has been tested in different real domains containing several attacks and anomalous situations. In addition, the importance of the temporal dimension on intrusion detection, and the ability of this IDS to process it, are emphasized in this workJunta de Castilla and Leon project BU006A08, Business intelligence for production within the framework of the Instituto Tecnologico de Cas-tilla y Leon (ITCL) and the Agencia de Desarrollo Empresarial (ADE), and the Spanish Ministry of Education and Innovation project CIT-020000-2008-2. The authors would also like to thank the vehicle interior manufacturer, Grupo Antolin Ingenieria S. A., within the framework of the project MAGNO2008-1028-CENIT Project funded by the Spanish Government

Interactive visualization of event logs for cybersecurity

Hidden cyber threats revealed with new visualization software Eventpa