Visualization of Network Traffic to Detect Malicious Network activity

No Thumbnail Available
Journal Title
Journal ISSN
Volume Title
Helsinki University of Technology | Diplomityö
Checking the digitized thesis and permission for publishing
Instructions for the author
Degree programme
Today enormous logging data monitoring the traffics of the Internet is generated everyday. However, the network administrators still have very limited insight into the logging data, mainly due to the lack of efficient analyzing approaches. Most of the existing network monitoring or analysis tools either mainly focus on the throughput of the network in order to assist network structure planning and optimization, which is too high level for security analysis, or dig to too low level into every packet, which is too inefficient in practice. Unfortunately, not all network traffics are legitimate. As a matter of fact, a lot of malicious traffics flow through the Internet all the time. Such malicious traffics can lead to various cyber-crimes, and exhaust considerable network bandwidth. The expression that what you do not see can hurt you perfectly suits the situation here. In order to help the network administrators to discover malicious activities in their network traffics, this thesis attempt to explore suitable visualization techniques to distinguish malicious traffics from massive background traffics by using visual patterns, to which the human visual perception system is sensitive and can thus processes efficiently. To achieve such goal, we first extract the visual patterns of malicious activities from known malicious traffics. Then, we look for the same visual patterns in the normal traffics When the same visual pattern is found, we identify the relevant malicious activities. The tool used in our experimentation is designed and implemented according to the experiences learned from previous related works, with special regards to human visual perception theory. The result of our experimentation shows that some malicious activities which can not be easily identified in traditional analyzing approaches before, can be identified by our visualization system under certain conditions.
Ylä-Jääski, Antti|Jiang, Yuming
Thesis advisor
Knutsen, Morten
Oslebo, Arne
security visualization, netflow, malicious activity detection
Other note