Huynh, Ngoc Anh ; Ng, Wee Keong ; Ulmer, Alex ; Kohlhammer, Jörn (2016)
Uncovering Periodic Network Signals of Cyber Attacks.
VizSec 2016. Baltimore, MD, USA (24.10.2016-24.10.2016)
doi: 10.1109/VIZSEC.2016.7739581
Conference publication, Bibliography
Abstract
This paper addresses the problem of detecting the presence of malware that leaves periodic traces in network traffic. This characteristic behavior of malware was found to be surprisingly prevalent in a parallel study. To this end, we propose a visual analytics solution that supports both automatic detection and manual inspection of periodic signals hidden in network traffic. The detected periodic signals are visually verified in an overview using a circular graph and two stacked histograms as well as in detail using deep packet inspection. Our approach offers the capability to detect complex periodic patterns, but avoids the unverifiability issue often encountered in related work. The periodicity assumption imposed on malware behavior is a relatively weak assumption, but initial evaluations with a simulated scenario as well as a publicly available network capture demonstrate its applicability.
Item type: | Conference publication |
---|---|
Published: | 2016 |
Author(s): | Huynh, Ngoc Anh ; Ng, Wee Keong ; Ulmer, Alex ; Kohlhammer, Jörn |
Type of entry: | Bibliography |
Title: | Uncovering Periodic Network Signals of Cyber Attacks |
Language: | English |
Publication year: | 24 October 2016 |
Publisher: | The Institute of Electrical and Electronics Engineers (IEEE) |
Event title: | VizSec 2016 |
Event location: | Baltimore, MD, USA |
Event date: | 24.10.2016-24.10.2016 |
DOI: | 10.1109/VIZSEC.2016.7739581 |
Uncontrolled keywords: | Guiding Theme: Digitized Work, Research Area: Human computer interaction (HCI), Research Area: Modeling (MOD), Intrusion detection, Visual analytics, Histograms |
Division(s)/Department(s): | 20 Department of Computer Science; 20 Department of Computer Science > Mathematical and Applied Visual Computing |
Date deposited: | 08 May 2019 06:27 |
Last modified: | 08 May 2019 06:27 |