Here you will find scientific publications from the Fraunhofer Institutes.

NetCapVis: Web-based Progressive Visual Analytics for Network Packet Captures

Ulmer, Alex; Sessler, David; Kohlhammer, Jörn

Postprint urn:nbn:de:0011-n-5997263 (12 MByte PDF)
MD5 Fingerprint: 563d3254a6d2c055d2ede9fd827b4553
© IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.
Created on: 28.8.2020

Gove, Robert (General Co-Chair) ; Institute of Electrical and Electronics Engineers -IEEE-:
IEEE Symposium on Visualization for Cyber Security, VizSec 2019 : Vancouver, Canada, October 23, 2019
Piscataway, NJ: IEEE, 2019
ISBN: 978-1-7281-3876-3
ISBN: 978-1-7281-3877-0
10 pp.
Symposium on Visualization for Cyber Security (VizSec) <16, 2019, Vancouver>
Bundesministerium für Bildung und Forschung BMBF (Deutschland)
Conference Paper, Electronic Publication
Fraunhofer IGD
Lead Topic: Digitized Work; Research Line: Human computer interaction (HCI); web applications; CRISP

Network traffic log data is a key data source for forensic analysis of cybersecurity incidents. Packet Captures (PCAPs) are the raw information directly gathered from the network device. As the bandwidth and connections to other hosts rise, this data becomes very large quickly. Malware analysts and administrators are using this data frequently for their analysis. However, the currently most used tool Wireshark is displaying the data as a table, making it difficult to get an overview and focus on the significant parts. Also, the process of loading large files into Wireshark takes time and has to be repeated each time the file is closed. We believe that this problem poses an optimal setting for a client-server infrastructure with a progressive visual analytics approach. The processing can be outsourced to the server while the client is progressively updated. In this paper we present NetCapVis, a web-based progressive visual analytics system where the user can upload PCAP files, set initial filters to reduce the data before uploading and then instantly interact with the data while the rest is progressively loaded into the visualizations.