{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,22]],"date-time":"2026-04-22T18:07:57Z","timestamp":1776881277670,"version":"3.51.2"},"publisher-location":"New York, NY, USA","reference-count":31,"publisher":"ACM","license":[{"start":{"date-parts":[[2004,10,29]],"date-time":"2004-10-29T00:00:00Z","timestamp":1099008000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2004,10,29]]},"DOI":"10.1145\/1029208.1029219","type":"proceedings-article","created":{"date-parts":[[2005,1,30]],"date-time":"2005-01-30T17:58:48Z","timestamp":1107107928000},"page":"65-72","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":168,"title":["NVisionIP"],"prefix":"10.1145","author":[{"given":"Kiran","family":"Lakkaraju","sequence":"first","affiliation":[{"name":"University of Illinois at Urbana-Champaign, Champaign, IL"}]},{"given":"William","family":"Yurcik","sequence":"additional","affiliation":[{"name":"University of Illinois at Urbana-Champaign, Champaign, IL"}]},{"given":"Adam J.","family":"Lee","sequence":"additional","affiliation":[{"name":"University of Illinois at Urbana-Champaign, Champaign, IL"}]}],"member":"320","published-online":{"date-parts":[[2004,10,29]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Argus -- metrics. Web Page Mar. 2001. h http:\/\/www.qosient.com\/argus\/metrics.htm i.  Argus -- metrics. Web Page Mar. 2001. h http:\/\/www.qosient.com\/argus\/metrics.htm i."},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.5555\/1950654.1950680"},{"key":"e_1_3_2_1_3_1","volume-title":"h http:\/\/www.cert.org\/stats\/i. (Jun","author":"CC","year":"2004","unstructured":"CERT\/ CC Statistics 1988--2003, Jan. 2004. h http:\/\/www.cert.org\/stats\/i. (Jun . 2004 ). CERT\/CC Statistics 1988--2003, Jan. 2004. h http:\/\/www.cert.org\/stats\/i. (Jun. 2004)."},{"key":"e_1_3_2_1_4_1","volume-title":"Atlas of Cyberspace","author":"Dodge Martin","year":"2001","unstructured":"Martin Dodge and Rob Kitchin . Atlas of Cyberspace . Addison Wesley , Harlow, England , 2001 . Martin Dodge and Rob Kitchin. Atlas of Cyberspace. Addison Wesley, Harlow, England, 2001."},{"key":"e_1_3_2_1_5_1","volume-title":"SANS","author":"Dunn Jana","year":"2001","unstructured":"Jana Dunn . Security applications for cisco net ow data. Technical report , SANS , Jul. 2001 . h http: \/\/www.sans.org\/rr\/papers\/index.php?id=778 i. Jana Dunn. Security applications for cisco net ow data. Technical report, SANS, Jul. 2001. h http: \/\/www.sans.org\/rr\/papers\/index.php?id=778 i."},{"key":"e_1_3_2_1_6_1","first-page":"210","volume-title":"SPIE '2001 Conference on Visual Data Exploration and Analysis VIII","author":"Robert","year":"2001","unstructured":"Robert F. Erbacher and Deborah Frincke. Visual behavior characterization for intrusion and misuse detection . In SPIE '2001 Conference on Visual Data Exploration and Analysis VIII , pages 210 -- 218 , Jan. 2001 . Robert F. Erbacher and Deborah Frincke. Visual behavior characterization for intrusion and misuse detection. In SPIE '2001 Conference on Visual Data Exploration and Analysis VIII, pages 210--218, Jan. 2001."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1109\/38.974517"},{"key":"e_1_3_2_1_8_1","volume-title":"14th Systems Administration Conference (LISA 2000)","author":"Fullmer Mark","year":"2000","unstructured":"Mark Fullmer and Steve Romig . The osu ow-tools package and cisco net ow logs . In 14th Systems Administration Conference (LISA 2000) , Dec. 2000 . Mark Fullmer and Steve Romig. The osu ow-tools package and cisco net ow logs. In 14th Systems Administration Conference (LISA 2000), Dec. 2000."},{"key":"e_1_3_2_1_9_1","volume-title":"D2K Toolkit User Manual","author":"NCSA Automated Learning Group","year":"2003","unstructured":"NCSA Automated Learning Group . D2K Toolkit User Manual . National Center for Supercomputing Applications , Apr. 2003 . h http: \/\/algdocs.ncsa.uiuc.edu\/TU-20030425-1.pdf i . NCSA Automated Learning Group. D2K Toolkit User Manual. National Center for Supercomputing Applications, Apr. 2003. h http: \/\/algdocs.ncsa.uiuc.edu\/TU-20030425-1.pdf i ."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/191177.191183"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/945445.945467"},{"key":"e_1_3_2_1_12_1","volume-title":"International Multiconference on Measurement, Modelling, and Evaluation of Computer-Communications Systems Performance TOOLS","author":"Lakkaraju Kiran","year":"2003","unstructured":"Kiran Lakkaraju , Ratna Bearavolu , and William Yurcik . Nvisionip -- a traffic visualization tool for security analysis of large and complex networks . In International Multiconference on Measurement, Modelling, and Evaluation of Computer-Communications Systems Performance TOOLS , 2003 . Kiran Lakkaraju, Ratna Bearavolu, and William Yurcik. Nvisionip -- a traffic visualization tool for security analysis of large and complex networks. In International Multiconference on Measurement, Modelling, and Evaluation of Computer-Communications Systems Performance TOOLS, 2003."},{"key":"e_1_3_2_1_13_1","volume-title":"Lee. NVisionIP: An Interactive Network Flow Visualization Tool for Security. In IEEE International Conference on Systems, Man, and Cybernetics (SMC)","author":"Lakkaraju Kiran","year":"2004","unstructured":"Kiran Lakkaraju , William Yurcik , Ratna Bearavolu , and Adam J . Lee. NVisionIP: An Interactive Network Flow Visualization Tool for Security. In IEEE International Conference on Systems, Man, and Cybernetics (SMC) , 2004 . Kiran Lakkaraju, William Yurcik, Ratna Bearavolu, and Adam J. Lee. NVisionIP: An Interactive Network Flow Visualization Tool for Security. In IEEE International Conference on Systems, Man, and Cybernetics (SMC), 2004."},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/990680.990699"},{"key":"e_1_3_2_1_15_1","volume-title":"14th Systems Administration Conference (LISA 2000)","author":"Navarro John-Paul","year":"2000","unstructured":"John-Paul Navarro , Bill Nickless , and Linda Winkler . Combining cisco net ow exports with relational database technology for usage statistics, intrusion detection, and network forensics . In 14th Systems Administration Conference (LISA 2000) , Dec. 2000 . John-Paul Navarro, Bill Nickless, and Linda Winkler. Combining cisco net ow exports with relational database technology for usage statistics, intrusion detection, and network forensics. In 14th Systems Administration Conference (LISA 2000), Dec. 2000."},{"key":"e_1_3_2_1_16_1","volume-title":"Web Page","author":"The","year":"2004","unstructured":"The network simulator -- ns--2 . Web Page , May 2004 . h http:\/\/www.isi.edu\/nsnam\/ns\/ i . The network simulator -- ns--2. Web Page, May 2004. h http:\/\/www.isi.edu\/nsnam\/ns\/ i ."},{"key":"e_1_3_2_1_17_1","unstructured":"OPNET Technologies Inc. Web Page Jun. 2004. h http:\/\/www.opnet.com i .  OPNET Technologies Inc. Web Page Jun. 2004. h http:\/\/www.opnet.com i ."},{"key":"e_1_3_2_1_18_1","volume-title":"USENIX Security Symposium 2003","author":"Pennington Adam G.","year":"2003","unstructured":"Adam G. Pennington , John D. Strunk , John Linwood , Griffin, Craig A.N. Soules , Garth R. Goodson , and Gregory R. Ganger . Storage-based intrusion detection: Watching storage activity for suspicious behavior . In USENIX Security Symposium 2003 , 2003 . h http: \/\/www.pdl.cmu.edu\/PDL-FTP\/Secure\/usenix03.pdf i . Adam G. Pennington, John D. Strunk, John Linwood, Griffin, Craig A.N. Soules, Garth R. Goodson, and Gregory R. Ganger. Storage-based intrusion detection: Watching storage activity for suspicious behavior. In USENIX Security Symposium 2003, 2003. h http: \/\/www.pdl.cmu.edu\/PDL-FTP\/Secure\/usenix03.pdf i ."},{"key":"e_1_3_2_1_19_1","volume-title":"14th Systems Administration Conference (LISA 2000)","author":"Plonka Dave","year":"2000","unstructured":"Dave Plonka . Flowscan : A network traffic ow reporting and visualization tool . In 14th Systems Administration Conference (LISA 2000) , Dec. 2000 . Dave Plonka. Flowscan: A network traffic ow reporting and visualization tool. In 14th Systems Administration Conference (LISA 2000), Dec. 2000."},{"key":"e_1_3_2_1_20_1","unstructured":"Secure decisions. Web Page Jun. 2004. h http:\/\/www.securedecisions.com\/ i .  Secure decisions. Web Page Jun. 2004. h http:\/\/www.securedecisions.com\/ i ."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/102377.115768"},{"key":"e_1_3_2_1_22_1","unstructured":"Security incident fusion toolkit SIFT Jun.  Security incident fusion toolkit SIFT Jun."},{"key":"e_1_3_2_1_23_1","unstructured":"CERT Advisory CA-2003-04 MS-SQL Server Worm. Web Page Jan. 2003. h http: \/\/www.cert.org\/advisories\/CA-2003-04.html i .  CERT Advisory CA-2003-04 MS-SQL Server Worm. Web Page Jan. 2003. h http: \/\/www.cert.org\/advisories\/CA-2003-04.html i ."},{"key":"e_1_3_2_1_24_1","volume-title":"Web Page","author":"Snort","year":"2004","unstructured":"Snort : The open source network intrusion detection system . Web Page , Jun. 2004 . h http:\/\/www.snort.org i . Snort: The open source network intrusion detection system. Web Page, Jun. 2004. h http:\/\/www.snort.org i ."},{"key":"e_1_3_2_1_25_1","unstructured":"Security threat manager. Web Page Jun. 2004. h http:\/\/www.open.com\/products\/threatmanager\/ threatmanager.shtml% i .  Security threat manager. Web Page Jun. 2004. h http:\/\/www.open.com\/products\/threatmanager\/ threatmanager.shtml% i ."},{"key":"e_1_3_2_1_26_1","volume-title":"Case study: Interactive visualization for internet security","author":"Teoh Soon Tee","year":"2002","unstructured":"Soon Tee Teoh , Kwan-Liu Ma , S. Felix Wu , and Xiaoliang Zhao . Case study: Interactive visualization for internet security . In IEEE Visualization , 2002 . Soon Tee Teoh, Kwan-Liu Ma, S. Felix Wu, and Xiaoliang Zhao. Case study: Interactive visualization for internet security. In IEEE Visualization, 2002."},{"key":"e_1_3_2_1_27_1","volume-title":"The Visual Display of Quantitative Information","author":"Tufte Edward R.","year":"2001","unstructured":"Edward R. Tufte . The Visual Display of Quantitative Information . Graphics Press , P.O. Box 430, Cheshire, CT 06410, Second edition, Jan. 2001 . Edward R. Tufte. The Visual Display of Quantitative Information. Graphics Press, P.O. Box 430, Cheshire, CT 06410, Second edition, Jan. 2001."},{"key":"e_1_3_2_1_28_1","volume-title":"Student Guide","author":"United States Department of Homeland Security.","year":"2004","unstructured":"United States Department of Homeland Security. Team Coordination Training , Student Guide , May 2004 . h http:\/\/www.cgaux.info\/g_ocx\/training\/tct\/ i . United States Department of Homeland Security. Team Coordination Training, Student Guide, May 2004. h http:\/\/www.cgaux.info\/g_ocx\/training\/tct\/ i ."},{"key":"e_1_3_2_1_29_1","volume-title":"Workshop on Information Assurance (WIA04)","author":"Yin Xiaoxin","year":"2004","unstructured":"Xiaoxin Yin , William Yurcik , Yifan Li , Kiran Lakkaraju , and Cristina Abad . Vis owconnect : Providing security situational awareness by visualizing network traffic ows . In Workshop on Information Assurance (WIA04) held in conjunction with the 23rd IEEE International Performance Computing and Communications Conference (IPCCC) , 2004 . Xiaoxin Yin, William Yurcik, Yifan Li, Kiran Lakkaraju, and Cristina Abad. Vis owconnect: Providing security situational awareness by visualizing network traffic ows. In Workshop on Information Assurance (WIA04) held in conjunction with the 23rd IEEE International Performance Computing and Communications Conference (IPCCC), 2004."},{"key":"e_1_3_2_1_30_1","volume-title":"ACM CHI Workshop on Human-Computer Interaction and Security Systems (HCISEC)","author":"Yurcik William","year":"2003","unstructured":"William Yurcik , James Barlow , Kiran Lakkaraju , and Mike Haberman . Two visual computer network security monitoring tools incorporating operator interface . In ACM CHI Workshop on Human-Computer Interaction and Security Systems (HCISEC) , 2003 . William Yurcik, James Barlow, Kiran Lakkaraju, and Mike Haberman. Two visual computer network security monitoring tools incorporating operator interface. In ACM CHI Workshop on Human-Computer Interaction and Security Systems (HCISEC), 2003."},{"key":"e_1_3_2_1_31_1","volume-title":"3rd IEEE International Conference on Data Mining (ICDM) Workshop on Data Mining for Computer Security (DMSEC)","author":"Yurcik William","year":"2003","unstructured":"William Yurcik , Kiran Lakkaraju , James Barlow , and Jeff Rosendale . A prototype tool for visual data mining of network traffic for intrusion detection . In 3rd IEEE International Conference on Data Mining (ICDM) Workshop on Data Mining for Computer Security (DMSEC) , 2003 . William Yurcik, Kiran Lakkaraju, James Barlow, and Jeff Rosendale. A prototype tool for visual data mining of network traffic for intrusion detection. In 3rd IEEE International Conference on Data Mining (ICDM) Workshop on Data Mining for Computer Security (DMSEC), 2003."}],"event":{"name":"CCS04: 11th ACM Conference on Computer and Communications Security 2004","location":"Washington DC USA","acronym":"CCS04","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control","ACM Association for Computing Machinery"]},"container-title":["Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1029208.1029219","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1029208.1029219","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T16:31:07Z","timestamp":1750264267000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1029208.1029219"}},"subtitle":["netflow visualizations of system state for security situational awareness"],"short-title":[],"issued":{"date-parts":[[2004,10,29]]},"references-count":31,"alternative-id":["10.1145\/1029208.1029219","10.1145\/1029208"],"URL":"https:\/\/doi.org\/10.1145\/1029208.1029219","relation":{},"subject":[],"published":{"date-parts":[[2004,10,29]]},"assertion":[{"value":"2004-10-29","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}