NetCapVis: Web-based Progressive Visual Analytics for Network Packet Captures
2019 IEEE Symposium on Visualization for Cyber Security (VizSec) (2019)
Abstract
Network traffic log data is a key data source for forensic analysis of cybersecurity incidents. Packet Captures (PCAPs) are the raw information directly gathered from the network device. As the bandwidth and connections to other hosts rise, this data becomes very large quickly. Malware analysts and administrators frequently use this data for their analysis. However, Wireshark, currently the most used tool, displays the data as a table, making it difficult to get an overview and focus on the significant parts. Also, the process of loading large files into Wireshark takes time and has to be repeated each time the file is closed. We believe that this problem poses an optimal setting for a client-server infrastructure with a progressive visual analytics approach. The processing can be outsourced to the server while the client is progressively updated. In this paper we present NetCapVis, a web-based progressive visual analytics system where the user can upload PCAP files, set initial filters to reduce the data before uploading, and then instantly interact with the data while the rest is progressively loaded into the visualizations.
Keywords
Network Traffic, PCAP, Progressive Visual Analytics, Packet Capture, Web-Application, Human-centered computing—Visual analytics, Human-centered computing—Interaction design—User interface design