Uncovering Periodic Network Signals of Cyber Attacks

Huynh, Ngoc Anh ; Ng, Wee Keong ; Ulmer, Alex ; Kohlhammer, Jörn (2016)
Uncovering Periodic Network Signals of Cyber Attacks.
VizSec 2016. Baltimore, MD, USA (October 24th)
doi: 10.1109/VIZSEC.2016.7739581
Conference publication, Bibliography

Abstract

This paper addresses the problem of detecting the presence of malware that leaves periodic traces in network traffic. This characteristic behavior of malware was found to be surprisingly prevalent in a parallel study. To this end, we propose a visual analytics solution that supports both automatic detection and manual inspection of periodic signals hidden in network traffic. The detected periodic signals are visually verified in an overview using a circular graph and two stacked histograms as well as in detail using deep packet inspection. Our approach offers the capability to detect complex periodic patterns, but avoids the unverifiability issue often encountered in related work. The periodicity assumption imposed on malware behavior is a relatively weak assumption, but initial evaluations with a simulated scenario as well as a publicly available network capture demonstrate its applicability.

Item type: Conference publication
Published: 2016
Author(s): Huynh, Ngoc Anh ; Ng, Wee Keong ; Ulmer, Alex ; Kohlhammer, Jörn
Entry type: Bibliography
Title: Uncovering Periodic Network Signals of Cyber Attacks
Language: English
Publication date: 24 October 2016
Publisher: The Institute of Electrical and Electronics Engineers (IEEE)
Event title: VizSec 2016
Event location: Baltimore, MD, USA
Event date: October 24th
DOI: 10.1109/VIZSEC.2016.7739581
Uncontrolled keywords: Guiding Theme: Digitized Work, Research Area: Human computer interaction (HCI), Research Area: Modeling (MOD), Intrusion detection, Visual analytics, Histograms
Division(s)/field(s): 20 Department of Computer Science
20 Department of Computer Science > Mathematical and Applied Visual Computing
Date deposited: 08 May 2019 06:27
Last modified: 08 May 2019 06:27