Uncovering Periodic Network Signals of Cyber Attacks

Huynh, Ngoc Anh ; Ng, Wee Keong ; Ulmer, Alex ; Kohlhammer, Jörn (2016)
Uncovering Periodic Network Signals of Cyber Attacks.
VizSec 2016. Baltimore, MD, USA (October 24th)
doi: 10.1109/VIZSEC.2016.7739581
Conference or Workshop Item, Bibliography

Abstract

This paper addresses the problem of detecting the presence of malware that leaves periodic traces in network traffic. This characteristic behavior of malware was found to be surprisingly prevalent in a parallel study. To this end, we propose a visual analytics solution that supports both automatic detection and manual inspection of periodic signals hidden in network traffic. The detected periodic signals are visually verified in an overview using a circular graph and two stacked histograms as well as in detail using deep packet inspection. Our approach offers the capability to detect complex periodic patterns, but avoids the unverifiability issue often encountered in related work. The periodicity assumption imposed on malware behavior is a relatively weak assumption, but initial evaluations with a simulated scenario as well as a publicly available network capture demonstrate its applicability.

Item Type: Conference or Workshop Item
Published: 2016
Creators: Huynh, Ngoc Anh ; Ng, Wee Keong ; Ulmer, Alex ; Kohlhammer, Jörn
Type of entry: Bibliography
Title: Uncovering Periodic Network Signals of Cyber Attacks
Language: English
Date: 24 October 2016
Publisher: The Institute of Electrical and Electronics Engineers (IEEE)
Event Title: VizSec 2016
Event Location: Baltimore, MD, USA
Event Dates: October 24th
DOI: 10.1109/VIZSEC.2016.7739581
Uncontrolled Keywords: Guiding Theme: Digitized Work, Research Area: Human computer interaction (HCI), Research Area: Modeling (MOD), Intrusion detection, Visual analytics, Histograms
Divisions: 20 Department of Computer Science
20 Department of Computer Science > Mathematical and Applied Visual Computing
Date Deposited: 08 May 2019 06:27
Last Modified: 08 May 2019 06:27