NetVis: a Visualization Tool Enabling Multiple Perspectives of Network Traffic Data

Abstract

Computer network traffic visualizations deliver improved understanding of pattern-of-life for networks, and such enhanced awareness can facilitate the detection of malicious traffic. Existing tools often opt for graph or plotbased visualizations to detect patterns or outliers in the data, but they still largely provide segmented views. In this paper we present a novel framework designed to support multiple heterogeneous visualizations of network traffic data. NetVis enables different visualizations that work in tandem to provide different perspectives of the same data in real-time. As each visualization is modularly tied together, it enables a user to investigate on-going activity, or any subset of it, at their pace and based on their priorities for further exploration. We currently support six visualizations, three are new and three are based on existing literature (parallel coordinate plots, flowscan and spinning cube of potential doom). Our results show that it is possible to use NetVis to detect unusual activity such as cyber attacks on a network. The framework is written to allow future visualizations to be added straightforwardly.