Real-time visualization of network attacks on high-speed links

Hyogon Kim, Inhye Kang, Saewoong Bahk

Research output: Contribution to journalArticlepeer-review

20 Citations (Scopus)

Abstract

This article shows that malicious traffic flows such as denial-of-service attacks and various scanning activities can be visualized in an intuitive manner. A simple but novel idea of plotting a packet using its source IP address, destination IP address, and the destination port in a 3-dimensional space graphically reveals ongoing attacks. Leveraging this property, combined with the fact that only three header fields per each packet need to be examined, a fast attack detection and classification algorithm can be devised.

Original languageEnglish
Pages (from-to)30-39
Number of pages10
JournalIEEE Network
Volume18
Issue number5
DOIs
Publication statusPublished - 2004 Sept

Bibliographical note

Funding Information:
The original idea of classifying the attacks using the three-packet header values is attributed to Heejung Sohn. We thank Jin-Ho Kim and Byung-Seung Kim for their effort in running the RADAR code on live Seoul National University backbone network traffic. We also thank the anonymous reviewers who helped improve the presentation of the article. This work was supported in part by a Korea University Grant and a NRL program of KISTEP, Korea.

ASJC Scopus subject areas

  • Software
  • Information Systems
  • Hardware and Architecture
  • Computer Networks and Communications

Fingerprint

Dive into the research topics of 'Real-time visualization of network attacks on high-speed links'. Together they form a unique fingerprint.

Cite this