Keywords: network security visualisation, network topology discovery, Honeyd, SYN proxy detection, flooding attacks, firewall detection, information visualisation
Advances in network topology security visualisation
The pervasiveness of the internet increases the demand for tools that support both monitoring and auditing of security aspects in computer networks. Ideally, these tools should provide a clear and objective presentation of security data in such a way as to let network administrators detect or even predict network security breaches. However, most of these data are still presented only in raw text form or through inadequate data presentation techniques. Our work addresses this problem by designing and developing a tool that aims at integrating several information visualisation techniques into an effective and expressive visualisation. We also present a novel method that detects OpenBSD PF SYN Proxy and Honeyd. Detecting Honeyd improves the visualisation content by assuring that the presented data is not fake, while detecting the OpenBSD PF SYN Proxy shows which nodes are safe from TCP SYN flooding attacks and improves firewall detection. We have tested our tool in the context of network security, presenting two case studies that demonstrate important features such as scalability and detection of critical network security issues.