TU Darmstadt / ULB / TUbiblio

Uncovering Periodic Network Signals of Cyber Attacks

Huynh, Ngoc Anh and Ng, Wee Keong and Ulmer, Alex and Kohlhammer, Jörn (2016):
Uncovering Periodic Network Signals of Cyber Attacks.
The Institute of Electrical and Electronics Engineers (IEEE), In: VizSec 2016, Baltimore, MD, USA, October 24th, DOI: 10.1109/VIZSEC.2016.7739581, [Conference or Workshop Item]

Abstract

This paper addresses the problem of detecting the presence of malware that leaves periodic traces in network traffic. This characteristic behavior of malware was found to be surprisingly prevalent in a parallel study. To this end, we propose a visual analytics solution that supports both automatic detection and manual inspection of periodic signals hidden in network traffic. The detected periodic signals are visually verified in an overview using a circular graph and two stacked histograms as well as in detail using deep packet inspection. Our approach offers the capability to detect complex periodic patterns, but avoids the unverifiability issue often encountered in related work. The periodicity assumption imposed on malware behavior is a relatively weak assumption, but initial evaluations with a simulated scenario as well as a publicly available network capture demonstrate its applicability.

Item Type: Conference or Workshop Item
Published: 2016
Creators: Huynh, Ngoc Anh and Ng, Wee Keong and Ulmer, Alex and Kohlhammer, Jörn
Title: Uncovering Periodic Network Signals of Cyber Attacks
Language: English
Publisher: The Institute of Electrical and Electronics Engineers (IEEE)
Uncontrolled Keywords: Guiding Theme: Digitized Work, Research Area: Human computer interaction (HCI), Research Area: Modeling (MOD), Intrusion detection, Visual analytics, Histograms
Divisions: 20 Department of Computer Science
20 Department of Computer Science > Mathematical and Applied Visual Computing
Event Title: VizSec 2016
Event Location: Baltimore, MD, USA
Event Dates: October 24th
Date Deposited: 08 May 2019 06:27
DOI: 10.1109/VIZSEC.2016.7739581