Streaming Data Visualization for Network Security

Report ID: TR-007-17
Author: Qiu, Huilian
Date: 2017-05-24
Pages: 10
Abstract:

The emergence of streaming data or “data in motion” has motivated the development of new “streaming” algorithms that provide up-to-date answers to continuous queries; that is, queries that are issued once and then run continuously as new data streams in. For example, in the context of network traffic management, continuous queries over streaming NetFlow data may be used to detect anomalies in the network as they happen (e.g., performance degradation, onset of an attack). One of the most popular approaches for detecting unusual patterns in the network is frequent itemset mining (FIM). Answers produced by many FIM algorithms are often high-dimensional and packed with rich information. As the rate of data arrival may be rapid, interpreting the output in real time can be challenging. The main objective of this thesis is to introduce a new visualization method that can visualize the continuous stream of answers produced by existing streaming algorithms in an intuitive and meaningful manner. The visualization method is designed to be independent of the choice of FIM algorithm. It is able to capture the frequency of each itemset, the different relationships between network traffic attributes, and the changes in frequent itemsets over time. Ultimately, users should be able to leverage this visualization to respond to an ongoing attack in real time.