A Survey of Network Traffic Visualization in Detecting Network Security Threats

Analyzing network traffic to detect network security threats has drawn attentions from security researchers for decades. However, the new characteristics of network traffic, such as explosive growth, more diverse attack types and higher dimension, have brought us new challenges. Because of these challenges, traditional detecting technologies like log analysis cannot directly identify threats from traffic in time. Visualization can straightly and quickly display multi-dimensional information of large network traffic. It can be our powerful weapon to meet the challenges. In this paper, we classify the network traffic into four layers. According to different layer, we systematically survey several well-known network traffic visualization systems. Then we analyze the advantages and disadvantages for each system and give out the comparisons. We also introduce the future works for network traffic visualization.