ichiLAN: Visualization System for LAN Monitoring

In monitoring the security of enterprise or campus networks, detecting attacks from the internal network to the external network is becoming more and more important. After detecting such attacks, finding the location of the target PC is sometimes needed. This paper describes a visual security monitoring system for large-scale local area networks. The system integrates three kinds of information (logical, temporal, and geographical) in one 3-D visualization. The system also provides effective interaction capabilities and a filtering mechanism. IDS logs obtained at the computer center of our university were visualized, and typical examples such as botnet activities and SSH brute-force attacks were discussed.