IMap: Visualizing network activity over internet maps

J. Joseph Fowler, Michael Schneider, Thienne Johnson, Carlos Acedo, Loukas Lazos, Paolo Simonetto, Stephen Kobourov

Research output: Chapter in Book/Report/Conference proceedingConference contribution

6 Scopus citations


We propose a novel visualization, IMap, which enables the detection of security threats by visualizing a large volume of dynamic network data. In IMap, the Internet topology at the Autonomous System (AS) level is represented by a canonical map (which resembles a geographic map of the world), and aggregated IP traffic activity is superimposed in the form of heat maps (intensity overlays). Specifically, IMap groups ASes as contiguous regions based on AS attributes (geolocation, type, rank, IP prefix space) and AS relationships. The area, boundary, and relative positions of these regions in the map do not reect actual world geography, but are determined by the characteristics of the Internet's AS topology. To demonstrate the effectiveness of IMap, we showcase two case studies, a simulated DDoS attack and a real-world worm propagation attack.

Original languageEnglish (US)
Title of host publicationVizSec 2014 - Proceedings of the 11th Workshop on Visualization for Cyber Security
EditorsKirsten Whitley, Lane Harrison, Fabian Fischer, Nicolas Prigent, Sophie Engle
PublisherAssociation for Computing Machinery
Number of pages8
ISBN (Electronic)9781450328265
StatePublished - Nov 10 2014
Event11th Workshop on Visualization for Cyber Security, VizSec 2014 - Paris, France
Duration: Nov 10 2014 → …

Publication series

NameACM International Conference Proceeding Series


Other11th Workshop on Visualization for Cyber Security, VizSec 2014
Period11/10/14 → …


  • Anomaly
  • Map
  • Network
  • Security
  • Topology visualization

ASJC Scopus subject areas

  • Software
  • Human-Computer Interaction
  • Computer Vision and Pattern Recognition
  • Computer Networks and Communications


Dive into the research topics of 'IMap: Visualizing network activity over internet maps'. Together they form a unique fingerprint.

Cite this