Accommodating IPv6 addresses in security visualization tools
Abstract Visualization is used by security analysts to help detect patterns and trends in large volumes of network traffic data. With IPv6 slowly being deployed around the world, network intruders are beginning to adapt their tools and techniques to work over IPv6 (versus IPv4). Many tools for visualizing network activity, while useful for detecting large-scale attacks and network behavior anomalies, still only support IPv4. In this article, we explore the current state of IPv6 support in some popular security visualization tools and identify the roadblocks preventing those tools from supporting the new protocol. We propose a filtering technique that helps reduce the occlusion of IPv6 sources on graphs and enables IPv4 visualization tools to display both IPv4 and IPv6 sources on a single graph. We also suggest using treemaps for visually representing the vast space of remote addresses in IPv6.
|Keywords||Management of computing and information systems, Security and protection, Simulation and modeling, Types of simulation, Unauthorized access|
Barrera, D. (David), & Van Oorschot, P. (2011). Accommodating IPv6 addresses in security visualization tools. Information Visualization, 10(2), 107–116. doi:10.1057/ivs.2010.9