{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,27]],"date-time":"2026-03-27T07:35:03Z","timestamp":1774596903033,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":37,"publisher":"ACM","license":[{"start":{"date-parts":[[2004,10,29]],"date-time":"2004-10-29T00:00:00Z","timestamp":1099008000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2004,10,29]]},"DOI":"10.1145\/1029208.1029214","type":"proceedings-article","created":{"date-parts":[[2005,1,30]],"date-time":"2005-01-30T17:58:48Z","timestamp":1107107928000},"page":"26-34","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":120,"title":["VisFlowConnect"],"prefix":"10.1145","author":[{"given":"Xiaoxin","family":"Yin","sequence":"first","affiliation":[{"name":"University of Illinois at Urbana-Champaign"}]},{"given":"William","family":"Yurcik","sequence":"additional","affiliation":[{"name":"University of Illinois at Urbana-Champaign"}]},{"given":"Michael","family":"Treaster","sequence":"additional","affiliation":[{"name":"University of Illinois at Urbana-Champaign"}]},{"given":"Yifan","family":"Li","sequence":"additional","affiliation":[{"name":"University of Illinois at Urbana-Champaign"}]},{"given":"Kiran","family":"Lakkaraju","sequence":"additional","affiliation":[{"name":"University of Illinois at Urbana-Champaign"}]}],"member":"320","published-online":{"date-parts":[[2004,10,29]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"C. Abad Y. Li K. Lakkaraju X. Yin and W. Yurcik. Correlation Between NetFlow System and Network Views for Intrusion Detection In Workshop on Link Analysis Counter-terrorism and Privacy held in conjunction with the SIAM International Conference on Data Mining (ICDM) 2004.  C. Abad Y. Li K. Lakkaraju X. Yin and W. Yurcik. Correlation Between NetFlow System and Network Views for Intrusion Detection In Workshop on Link Analysis Counter-terrorism and Privacy held in conjunction with the SIAM International Conference on Data Mining (ICDM) 2004."},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.5555\/956415.956428"},{"key":"e_1_3_2_1_3_1","volume-title":"Workshop on Link Analysis for Detecting Complex Behavior (LinkKDD)","author":"Acharyya S.","year":"2003","unstructured":"S. Acharyya and J. Ghosh . A maximum entropy framework for higher order link analysis on directed graphs . In Workshop on Link Analysis for Detecting Complex Behavior (LinkKDD) , August 2003 . S. Acharyya and J. Ghosh. A maximum entropy framework for higher order link analysis on directed graphs. In Workshop on Link Analysis for Detecting Complex Behavior (LinkKDD), August 2003."},{"key":"e_1_3_2_1_4_1","unstructured":"Analyst's notebook software. www.i2inc.com\/Products\/Analysts_Notebook\/default.asp.  Analyst's notebook software. www.i2inc.com\/Products\/Analysts_Notebook\/default.asp."},{"key":"e_1_3_2_1_5_1","volume-title":"Proceedings of the IEEE Workshop on Information Assurance and Security","author":"Barbara D.","year":"2001","unstructured":"D. Barbara , J. Couto , S. Jajodia , L. Popyack , and N. Wu . Adam: Detecting intrusions by data mining . In Proceedings of the IEEE Workshop on Information Assurance and Security , June 2001 . D. Barbara, J. Couto, S. Jajodia, L. Popyack, and N. Wu. Adam: Detecting intrusions by data mining. In Proceedings of the IEEE Workshop on Information Assurance and Security, June 2001."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1109\/2945.468391"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/280765.280786"},{"key":"e_1_3_2_1_8_1","volume-title":"Proceedings of the USENIX Fourteenth System Administration Conference LISA XIV","author":"Brutlag J.","year":"2000","unstructured":"J. Brutlag . Aberrant behavior detection in time series for network monitoring . In Proceedings of the USENIX Fourteenth System Administration Conference LISA XIV , New Orleans, LA , December 2000 . J. Brutlag. Aberrant behavior detection in time series for network monitoring. In Proceedings of the USENIX Fourteenth System Administration Conference LISA XIV, New Orleans, LA, December 2000."},{"key":"e_1_3_2_1_9_1","unstructured":"C. Bullard. Audit record generation and utilization system (argus). http:\/\/www.qosient.com\/argus\/ and ftp:\/\/ftp.andrew.cmu.edu\/pub\/argus.  C. Bullard. Audit record generation and utilization system (argus). http:\/\/www.qosient.com\/argus\/ and ftp:\/\/ftp.andrew.cmu.edu\/pub\/argus."},{"key":"e_1_3_2_1_10_1","unstructured":"Clementine software. www.spss.com\/clementine\/.  Clementine software. www.spss.com\/clementine\/."},{"key":"e_1_3_2_1_11_1","first-page":"202","volume-title":"Proceedings of the 2002 IEEE Symposium on Security and Privacy","author":"Cuppens F.","unstructured":"F. Cuppens and A. Mige . Alert correlation in a cooperative intrusion detection framework . In Proceedings of the 2002 IEEE Symposium on Security and Privacy , page 202 . IEEE Computer Society, 2002. F. Cuppens and A. Mige. Alert correlation in a cooperative intrusion detection framework. In Proceedings of the 2002 IEEE Symposium on Security and Privacy, page 202. IEEE Computer Society, 2002."},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.5555\/645839.670735"},{"key":"e_1_3_2_1_13_1","volume-title":"September","author":"Erbacher R.","year":"2001","unstructured":"R. Erbacher . Visual behavior characterization for intrusion detection in large scale systems , September 2001 . R. Erbacher. Visual behavior characterization for intrusion detection in large scale systems, September 2001."},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1109\/2.881696"},{"key":"e_1_3_2_1_15_1","volume-title":"A neural network approach towards intrusion detection. Technical report","author":"Fox K.","year":"1990","unstructured":"K. Fox , R. Henning , J. Reed , and R. Simonian . A neural network approach towards intrusion detection. Technical report , Harris Corporation , July 1990 . K. Fox, R. Henning, J. Reed, and R. Simonian. A neural network approach towards intrusion detection. Technical report, Harris Corporation, July 1990."},{"key":"e_1_3_2_1_16_1","volume-title":"Workshop on Statistical and Machine Learning Techniques in Computer Intrusion Detection","author":"Goodall J. G.","year":"2003","unstructured":"J. G. Goodall , A. Komlodi , and W. G. Lutters . Information visualization for intrusion detection analysis: A needs assessment of systems and network security experts . In Workshop on Statistical and Machine Learning Techniques in Computer Intrusion Detection , Fairfax, VA , 2003 . J. G. Goodall, A. Komlodi, and W. G. Lutters. Information visualization for intrusion detection analysis: A needs assessment of systems and network security experts. In Workshop on Statistical and Machine Learning Techniques in Computer Intrusion Detection, Fairfax, VA, 2003."},{"key":"e_1_3_2_1_17_1","first-page":"318","volume-title":"Spatial Information Technologies for Remote Sensing Today and Tomorrow","author":"Inselberg A.","year":"1984","unstructured":"A. Inselberg . Parallel coordinates for multidimensional displays . In Spatial Information Technologies for Remote Sensing Today and Tomorrow , pages 318 -- 322 , 1984 . A. Inselberg. Parallel coordinates for multidimensional displays. In Spatial Information Technologies for Remote Sensing Today and Tomorrow, pages 318--322, 1984."},{"key":"e_1_3_2_1_18_1","first-page":"361","volume-title":"Parallel coordinates: a tool for visualizing multidimensional geometry","author":"Inselberg A.","year":"1990","unstructured":"A. Inselberg and B. Dimsdale . Parallel coordinates: a tool for visualizing multidimensional geometry . In IEEE Visualization `90 Proceedings, pages 361 -- 378 . IEEE Computer Society , October 1990 . A. Inselberg and B. Dimsdale. Parallel coordinates: a tool for visualizing multidimensional geometry. In IEEE Visualization `90 Proceedings, pages 361--378. IEEE Computer Society, October 1990."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/324133.324140"},{"key":"e_1_3_2_1_20_1","series-title":"Lecture Notes in Computer Science","volume-title":"International Conference on Information Security and Cryptology (ICISC)","author":"Kruegel C.","year":"2001","unstructured":"C. Kruegel , T. Toth , and C. Kerer . Decentralized event correlation for intrusion detection . In International Conference on Information Security and Cryptology (ICISC) , Lecture Notes in Computer Science . Springer Verlag , December 2001 . C. Kruegel, T. Toth, and C. Kerer. Decentralized event correlation for intrusion detection. In International Conference on Information Security and Cryptology (ICISC), Lecture Notes in Computer Science. Springer Verlag, December 2001."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/1029208.1029219"},{"key":"e_1_3_2_1_22_1","first-page":"120","volume-title":"IEEE Symposium on Security and Privacy","author":"Lee W.","year":"1999","unstructured":"W. Lee , S. J. Stolfo , and K. W. Mok . A data mining framework for building intrusion detection models . In IEEE Symposium on Security and Privacy , pages 120 -- 132 , 1999 . W. Lee, S. J. Stolfo, and K. W. Mok. A data mining framework for building intrusion detection models. In IEEE Symposium on Security and Privacy, pages 120--132, 1999."},{"key":"e_1_3_2_1_23_1","volume-title":"Butterworth Heinemann","author":"Mena J.","year":"2003","unstructured":"J. Mena . Investigative Data Mining for Security and Criminal Detection . Butterworth Heinemann , 2003 . J. Mena. Investigative Data Mining for Security and Criminal Detection. Butterworth Heinemann, 2003."},{"key":"e_1_3_2_1_24_1","volume-title":"Cisco Systems","year":"1999","unstructured":"Netflow services and applications. Technical report , Cisco Systems , 1999 . Netflow services and applications. Technical report, Cisco Systems, 1999."},{"key":"e_1_3_2_1_25_1","unstructured":"Netmap software. www.netmapanalytics.com.  Netmap software. www.netmapanalytics.com."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/383952.384003"},{"key":"e_1_3_2_1_27_1","volume-title":"The pagerank citation ranking: Bringing order to the web. Technical report","author":"Page L.","year":"1998","unstructured":"L. Page , S. Brin , R. Motwani , and T. Winograd . The pagerank citation ranking: Bringing order to the web. Technical report , Stanford Digital Library Technologies Project , 1998 . L. Page, S. Brin, R. Motwani, and T. Winograd. The pagerank citation ranking: Bringing order to the web. Technical report, Stanford Digital Library Technologies Project, 1998."},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1016\/S1389-1286(99)00112-7"},{"key":"e_1_3_2_1_29_1","volume-title":"Proceedings of the USENIX Fourteenth System Administration Conference LISA XIV","author":"Plonka D.","year":"2000","unstructured":"D. Plonka . Flowscan : A network traffic flow reporting and visualization tool . In Proceedings of the USENIX Fourteenth System Administration Conference LISA XIV , December 2000 . D. Plonka. Flowscan: A network traffic flow reporting and visualization tool. In Proceedings of the USENIX Fourteenth System Administration Conference LISA XIV, December 2000."},{"key":"e_1_3_2_1_30_1","unstructured":"Polyanalyst software. www.megaputer.com\/products\/pa\/index.php3.  Polyanalyst software. www.megaputer.com\/products\/pa\/index.php3."},{"key":"e_1_3_2_1_31_1","unstructured":"Security incident fusion tools (sift). www.ncassr.org\/projects\/sift\/.  Security incident fusion tools (sift). www.ncassr.org\/projects\/sift\/."},{"key":"e_1_3_2_1_32_1","volume-title":"Proceedings of 13th IEEE Visualization Conference","author":"Teoh S. T.","year":"2002","unstructured":"S. T. Teoh , K.-L. Ma , S. F. Wu ,, and X. Zhao . Case study: Interactive visualization for internet security . In Proceedings of 13th IEEE Visualization Conference , 2002 . S. T. Teoh, K.-L. Ma, S. F. Wu,, and X. Zhao. Case study: Interactive visualization for internet security. In Proceedings of 13th IEEE Visualization Conference, 2002."},{"key":"e_1_3_2_1_33_1","unstructured":"Visuallinks suite. www.visualanalytics.com\/Products\/VL3-0Features.cfm.  Visuallinks suite. www.visualanalytics.com\/Products\/VL3-0Features.cfm."},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1080\/01621459.1990.10474926"},{"key":"e_1_3_2_1_35_1","volume-title":"Workshop on Information Assurance (WIA04)","author":"Yin X.","year":"2004","unstructured":"X. Yin , W. Yurcik , Y. Li , K. Lakkaraju , and C. Abad . VisFlowConnect: Providing Security Situational Awareness by Visualizing Network Traffic Flows . In Workshop on Information Assurance (WIA04) held in conjunction with the 23rd IEEE International Performance Computing and Communications Conference (IPCCC) , 2004 . X. Yin, W. Yurcik, Y. Li, K. Lakkaraju, and C. Abad. VisFlowConnect: Providing Security Situational Awareness by Visualizing Network Traffic Flows. In Workshop on Information Assurance (WIA04) held in conjunction with the 23rd IEEE International Performance Computing and Communications Conference (IPCCC), 2004."},{"key":"e_1_3_2_1_36_1","volume-title":"3rd IEEE International Conference on Data Mining (ICDM), Workshop on Data Mining for Computer Security (DMSEC)","author":"Yurcik W.","year":"2003","unstructured":"W. Yurcik , J. Barlow , K. Lakkaraju , and J. Rosendale . A prototype tool for visual data mining of network traffic for intrusion detection . In 3rd IEEE International Conference on Data Mining (ICDM), Workshop on Data Mining for Computer Security (DMSEC) , 2003 . W. Yurcik, J. Barlow, K. Lakkaraju, and J. Rosendale. A prototype tool for visual data mining of network traffic for intrusion detection. In 3rd IEEE International Conference on Data Mining (ICDM), Workshop on Data Mining for Computer Security (DMSEC), 2003."},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/990301.990305"}],"event":{"name":"CCS04: 11th ACM Conference on Computer and Communications Security 2004","location":"Washington DC USA","acronym":"CCS04","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control","ACM Association for Computing Machinery"]},"container-title":["Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1029208.1029214","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1029208.1029214","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T16:31:07Z","timestamp":1750264267000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1029208.1029214"}},"subtitle":["netflow visualizations of link relationships for security situational awareness"],"short-title":[],"issued":{"date-parts":[[2004,10,29]]},"references-count":37,"alternative-id":["10.1145\/1029208.1029214","10.1145\/1029208"],"URL":"https:\/\/doi.org\/10.1145\/1029208.1029214","relation":{},"subject":[],"published":{"date-parts":[[2004,10,29]]},"assertion":[{"value":"2004-10-29","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}