Security visualization tools and IPv6 addresses
Visualization is used by security analysts to help detect patterns and trends in large volumes of network traffic data. With IPv6 slowly being deployed around the world, network intruders are beginning to adapt their tools and techniques to work over IPv6 (vs. IPv4). Many tools for visualizing network activity, while useful for detecting large scale attacks and network behavior anomalies still only support IPv4. In this paper, we explore the current state of IPv6 support in some popular security visualization tools and identify the roadblocks preventing those tools from supporting the new protocol. We propose a filtering technique that helps reduce the occlusion of IPv6 sources on graphs. We also suggest using treemaps for visually representing the vast space of remote addresses in IPv6.
|Keywords||I.6.8 [simulation and modeling]: types of simulation - visual, K.6.5 [management of computing and information systems]: security and protection (D.4.6, K.4.2) - unauthorized access (e.g., hacking, phreaking)|
|Conference||6th International Workshop on Visualization for Cyber Security 2009, VizSec 2009|
Barrera, D. (David), & Van Oorschot, P. (2009). Security visualization tools and IPv6 addresses. Presented at the 6th International Workshop on Visualization for Cyber Security 2009, VizSec 2009. doi:10.1109/VIZSEC.2009.5375538