Streaming Data Visualization for Network Security
Abstract:
The emergence of streaming data or “data in motion”
has motivated the development of new “streaming”
algorithms that provide up-to-date answers to continuous
queries; that is, queries that are issued once
and then run continuously as new data streams in.
For example, in the context of network traffic management,
continuous queries over streaming Netflow
data may be used to detect anomalies in the network
as they happen (e.g., performance degradation, onset
of an attack). One of the most popular approaches
for detecting unusual patterns in the network is frequent
itemset mining (FIM). Answers produced by
many FIM algorithms are often high-dimensional
and packed with rich information. As the rate of
data arrival may be rapid, interpreting the output in
real time can be challenging. The main objective of
this thesis is to introduce a new visualization method
that can visualize the continuous stream of answers
produced by existing streaming algorithms in an intuitive
and meaningful manner. The visualization
method is designed to be independent of the choice of FIM
algorithm. It is able to capture the frequency of each
itemset, the different relationships between network traffic
attributes, and the changes in frequent itemsets
over time. Ultimately, users should be able to leverage
this visualization to respond to an ongoing attack
in real time.
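
The kind of answer stream the abstract refers to, shown as an added example that is not code from the thesis: exact frequent itemset counting over a sliding window of flow records, reporting which itemsets appear and disappear as flows arrive. The field names, window size, support threshold and the flows themselves are constructed assumptions; the thesis does not prescribe a particular FIM algorithm.

```python
from collections import Counter, deque
from itertools import combinations

FIELDS = ("src", "dst", "dport", "proto")  # assumed flow attributes
# Constructed sample flows (documentation address ranges, not real traffic).
SAMPLE_FLOWS = [
    ("192.0.2.10", "198.51.100.5", 443, "tcp"),
    ("192.0.2.11", "198.51.100.6", 53, "udp"),
    ("192.0.2.12", "198.51.100.7", 80, "tcp"),
    ("203.0.113.9", "198.51.100.5", 22, "tcp"),
    ("203.0.113.9", "198.51.100.6", 22, "tcp"),
    ("203.0.113.9", "198.51.100.7", 22, "tcp"),
    ("203.0.113.9", "198.51.100.8", 22, "tcp"),
    ("192.0.2.11", "198.51.100.6", 53, "udp"),
    ("192.0.2.12", "198.51.100.6", 53, "udp"),
]

def itemsets(flow, max_size=2):
    """Yield every attribute=value combination of one flow, up to max_size items."""
    items = sorted(f"{k}={v}" for k, v in zip(FIELDS, flow))
    for n in range(1, max_size + 1):
        yield from combinations(items, n)

class SlidingFIM:
    """Exact itemset counts over the most recent `window` flows."""
    def __init__(self, window, min_support, max_size=2):
        self.window, self.min_support, self.max_size = window, min_support, max_size
        self.flows, self.counts = deque(), Counter()

    def add(self, flow):
        self.flows.append(flow)
        self.counts.update(itemsets(flow, self.max_size))
        if len(self.flows) > self.window:  # expire the oldest flow's itemsets
            self.counts.subtract(itemsets(self.flows.popleft(), self.max_size))

    def frequent(self):
        return {s: c for s, c in self.counts.items() if c >= self.min_support}

def run(flows, window=4, min_support=3):
    """Return (flow index, itemsets that appeared, itemsets that disappeared)."""
    fim, prev, changes = SlidingFIM(window, min_support), set(), []
    for i, flow in enumerate(flows):
        fim.add(flow)
        cur = set(fim.frequent())
        if cur != prev:  # only a change in the answer needs redrawing
            changes.append((i, sorted(cur - prev), sorted(prev - cur)))
        prev = cur
    return changes
```

On the constructed flows, the repeated source contacting port 22 on several destinations surfaces as new two-attribute itemsets at flow 5 and drops out again at flow 8 once those flows leave the window.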