TVis: A Light-weight Traffic Visualization System for DDoS Detection
Title | TVis: A Light-weight Traffic Visualization System for DDoS Detection |
Publication Type | Conference Paper |
Year of Publication | 2019 |
Authors | Kalwar, Abhishek, Bhuyan, Monowar H., Bhattacharyya, Dhruba K., Kadobayashi, Youki, Elmroth, Erik, Kalita, Jugal K. |
Conference Name | 2019 14th International Joint Symposium on Artificial Intelligence and Natural Language Processing (iSAI-NLP) |
Date Published | Nov. 2019 |
Publisher | IEEE |
ISBN Number | 978-1-7281-5631-6 |
Keywords | acute attacks, anomaly detection system, Computer crime, computer network security, Computing Theory, data visualisation, Data visualization, DDoS Attack, denial-of-service attack, distributed DoS attacks, external network traffic, graph theory, Heron's triangle-area mapping, high-rate DDoS detection, highrate DDoS attacks, interactive visualization system, internal network traffic, Internet, IP networks, light-weight traffic visualization system, low-rate attacks, Microsoft Windows, Monitoring, network defenders, network size, network traffic, networked computers, offline modes, online and offline, pubcrawl, resilience, Resiliency, telecommunication traffic, time 5.0 s, triangle-area, TVis, undirected graph, visual observations, visualization |
Abstract | With rapid growth of network size and complexity, network defenders are facing more challenges in protecting networked computers and other devices from acute attacks. Traffic visualization is an essential element in an anomaly detection system for visual observations and detection of distributed DoS attacks. This paper presents an interactive visualization system called TVis, proposed to detect both low-rate and high-rate DDoS attacks using Heron's triangle-area mapping. TVis allows network defenders to identify and investigate anomalies in internal and external network traffic in both online and offline modes. We model the network traffic as an undirected graph and compute a triangle-area map based on incidences at each vertex for each 5-second time window. The system triggers an alarm iff the system finds an area of the mapped triangle beyond the dynamic threshold. TVis performs well for both low-rate and high-rate DDoS detection in comparison to its competitors. |
URL | https://ieeexplore.ieee.org/document/9068666 |
DOI | 10.1109/iSAI-NLP48611.2019.9068666 |
Citation Key | kalwar_tvis_2019 |