Visualization is used by security analysts to help detect patterns and trends in large volumes of network traffic data. With IPv6 slowly being deployed around the world, network intruders are beginning to adapt their tools and techniques to work over IPv6 (vs. IPv4). Many tools for visualizing network activity, while useful for detecting large scale attacks and network behavior anomalies still only support IPv4. In this paper, we explore the current state of IPv6 support in some popular security visualization tools and identify the roadblocks preventing those tools from supporting the new protocol. We propose a filtering technique that helps reduce the occlusion of IPv6 sources on graphs. We also suggest using treemaps for visually representing the vast space of remote addresses in IPv6.

Additional Metadata
Keywords I.6.8 [simulation and modeling]: types of simulation - visual, K.6.5 [management of computing and information systems]: security and protection (D.4.6, K.4.2) - unauthorized access (e.g., hacking, phreaking)
Persistent URL dx.doi.org/10.1109/VIZSEC.2009.5375538
Conference 6th International Workshop on Visualization for Cyber Security 2009, VizSec 2009
Citation
Barrera, D. (David), & Van Oorschot, P. (2009). Security visualization tools and IPv6 addresses. Presented at the 6th International Workshop on Visualization for Cyber Security 2009, VizSec 2009. doi:10.1109/VIZSEC.2009.5375538