Real-Time Visualization of Network Behaviors for Situational Awareness
Plentiful, complex, and dynamic data make understanding the state of an enterprise network difficult. Although visualization can help analysts understand baseline behaviors in network traffic and identify off-normal events, visual analysis systems often do not scale well to operational data volumes (in the hundreds of millions to billions of transactions per day) or to analysis of emergent trends in real-time data. We present a system that combines multiple, complementary visualization techniques with in-stream analytics, behavioral modeling of network actors, and a high-throughput processing platform called MeDICi. This system provides situational understanding of real-time network activity to help analysts take proactive response steps. We have developed these techniques using requirements gathered from the government users for whom the tools are being developed. By linking multiple visualization tools to a streaming analytic pipeline, and designing each tool to support a particular kind of analysis (from high-level awareness to detailed investigation), we enable analysts to understand the behavior of a network across multiple levels of abstraction.
- Research Organization: Pacific Northwest National Laboratory (PNNL), Richland, WA (US)
- Sponsoring Organization: USDOE
- DOE Contract Number: AC05-76RL01830
- OSTI ID: 988662
- Report Number(s): PNNL-SA-72442
- Country of Publication: United States
- Language: English
Similar Records
- Situational Awareness of Network System Roles (SANSR) · Conference · Sat Dec 31 23:00:00 EST 2016 · OSTI ID:1356923
- CyberPetri at CDX 2016: Real-time Network Situation Awareness · Conference · Mon Oct 24 00:00:00 EDT 2016 · OSTI ID:1346299
- Situational Awareness of Network System Roles (SANSR) · Software · Thu Jan 17 19:00:00 EST 2019 · OSTI ID:code-96817