@inproceedings{99b20a54286641aeaa32ebe03f84b7e1,
title = "IMap: Visualizing network activity over internet maps",
abstract = "We propose a novel visualization, IMap, which enables the detection of security threats by visualizing a large volume of dynamic network data. In IMap, the Internet topology at the Autonomous System (AS) level is represented by a canonical map (which resembles a geographic map of the world), and aggregated IP traffic activity is superimposed in the form of heat maps (intensity overlays). Specifically, IMap groups ASes as contiguous regions based on AS attributes (geolocation, type, rank, IP prefix space) and AS relationships. The area, boundary, and relative positions of these regions in the map do not reect actual world geography, but are determined by the characteristics of the Internet's AS topology. To demonstrate the effectiveness of IMap, we showcase two case studies, a simulated DDoS attack and a real-world worm propagation attack.",
keywords = "Anomaly, Map, Network, Security, Topology visualization",
author = "Fowler, {J. Joseph} and Michael Schneider and Thienne Johnson and Carlos Acedo and Loukas Lazos and Paolo Simonetto and Stephen Kobourov",
note = "Funding Information: National Center for Health Statistics, CDC; 57 vital statistics jurisdictions that provided data through the Vital Statistics Cooperative Program.; 11th Workshop on Visualization for Cyber Security, VizSec 2014 ; Conference date: 10-11-2014",
year = "2014",
month = nov,
day = "10",
doi = "10.1145/2671491.2671501",
language = "English (US)",
series = "ACM International Conference Proceeding Series",
publisher = "Association for Computing Machinery",
pages = "80--87",
editor = "Kirsten Whitley and Lane Harrison and Fabian Fischer and Nicolas Prigent and Sophie Engle",
booktitle = "VizSec 2014 - Proceedings of the 11th Workshop on Visualization for Cyber Security",
}