Configurable IP-space maps for large-scale, multi-source network data visual analysis and correlation
Author(s)
Miserendino, Scott; Maynard, Corey; Freeman, William
DownloadPublished version (640.1Kb)
Terms of use
Metadata
Show full item recordAbstract
The need to scale visualization of cyber (IP-space) data sets and analytic results as well as to support a variety of data sources and missions have proved challenging requirements for the development of a cyber common operating picture. Typical methods of visualizing IP-space data require unreliable domain conversions such as IP geolocation, network topology that is difficult to discover, or data sets that can only display one at a time. In this work, we introduce a generalized version of hierarchical network maps called configurable IP-space maps that can simultaneously visualize multiple layers of IP-based data at global scale. IP-space maps allow users to interactively explore the cyber domain from multiple perspectives. A web-based implementation of the concept is described, highlighting a novel repurposing of existing geospatial mapping tools for the cyber domain. Benefits of the configurable IP-space map concept to cyber data set analysis using spatial statistics are discussed. IP-space map structure is found to have a strong effect on data clustering behavior, hinting at the ability to automatically determine concentrations of network events within an organizational hierarchy.
Date issued
2013-12Department
Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science; Massachusetts Institute of Technology. Computer Science and Artificial Intelligence LaboratoryPublisher
SPIE-Intl Soc Optical Eng
Citation
Scott Miserendino, Corey Maynard, William Freeman, "Configurable IP-space maps for large-scale, multi-source network data visual analysis and correlation," Proc. SPIE 9017, Visualization and Data Analysis 2014, 901705(3 February 2014); doi: 10.1117/12.2037862
Version: Final published version