2016 IEEE Symposium on Visualization for Cyber Security (VizSec): Latest Publications

Understanding the context of network traffic alerts
2016 IEEE Symposium on Visualization for Cyber Security (VizSec). Pub Date: 2016-11-10. DOI: 10.1109/VIZSEC.2016.7739579
Authors: B. Cappers, J. V. Wijk
Abstract: For the protection of critical infrastructures against complex virus attacks, automated network traffic analysis and deep packet inspection are unavoidable. However, even with the use of network intrusion detection systems, the number of alerts is still too large to analyze manually. In addition, domain-specific multi-stage viruses (e.g., Advanced Persistent Threats) are typically not captured by a single alert. The result is that security experts are overloaded with low-level technical alerts in which they must look for the presence of an APT. In this paper we propose an alert-oriented visual analytics approach for the exploration of network traffic content in multiple contexts. In our approach CoNTA (Contextual analysis of Network Traffic Alerts), experts are supported in discovering threats in large alert collections through interactive exploration using selections and attributes of interest. Tight integration between machine learning and visualization enables experts to quickly drill down into the alert collection and report false alerts back to the intrusion detection system. Finally, we show the effectiveness of the approach by applying it to real-world and artificial data sets.
Citations: 24
J-Viz: Finding algorithmic complexity attacks via graph visualization of Java bytecode
2016 IEEE Symposium on Visualization for Cyber Security (VizSec). Pub Date: 2016-10-01. DOI: 10.1109/VIZSEC.2016.7739575
Authors: M. J. Alam, M. Goodrich, Timothy Johnson
Abstract: We describe a security visualization tool for finding algorithmic complexity attacks in Java bytecode. Our tool, which we call J-Viz, visualizes connected directed graphs derived from Java bytecode according to a canonical node ordering, which we call the sibling-first recursive (SFR) numbering. The particular graphs we consider are derived from applying Shivers' k-CFA framework to Java bytecode, and our visualizer includes helpful links between the nodes of an input graph and the Java bytecode that produced it, as well as a decompiled version of that Java bytecode. We show through experiments involving test cases provided by DARPA that the canonical drawing paradigm used in J-Viz is effective for identifying potential security vulnerabilities to algorithmic complexity attacks.
Citations: 2
Bigfoot: A geo-based visualization methodology for detecting BGP threats
2016 IEEE Symposium on Visualization for Cyber Security (VizSec). Pub Date: 2016-10-01. DOI: 10.1109/VIZSEC.2016.7739583
Authors: Meenakshi Syamkumar, Ramakrishnan Durairajan, P. Barford
Abstract: Studies of inter-domain routing in the Internet have highlighted the complex and dynamic nature of connectivity changes that take place daily on a global scale. The ability to assess and identify normal, malicious, irregular and unexpected behaviors in routing update streams is important in daily network and security operations. In this paper we describe Bigfoot, a Border Gateway Protocol (BGP) update visualization system that has been designed to highlight and assess a wide variety of behaviors in update streams. At the core of Bigfoot is the notion of visualizing the announcements of network prefixes via IP geolocation. We investigate different polygon representations of network footprints and show how straightforward application of IP geolocation can lead to representations that are difficult to interpret. Bigfoot includes techniques to filter, organize, analyze and visualize BGP updates that enable characteristics and behaviors of interest to be identified effectively. To demonstrate Bigfoot's capabilities, we consider 1.79B BGP updates collected over a period of one year and identify 139 candidate events in this data. We investigate a subset of these events in detail, along with ground truth from existing literature, to show how network footprint visualizations can be used in operational deployments.
Citations: 23
Visually guided flow tracking in software-defined networking
2016 IEEE Symposium on Visualization for Cyber Security (VizSec). Pub Date: 2016-10-01. DOI: 10.1109/VIZSEC.2016.7739586
Authors: Tobias Post, T. Wischgoll, Adam R. Bryant, B. Hamann, P. Müller, H. Hagen
Abstract: Software-defined networking (SDN) is a novel configuration technique that has the potential to become the future backbone of computer networking. In contrast to conventional networking techniques, SDN utilizes controller elements to configure groups of networking nodes, resulting in a hierarchy. SDNs have to be simulated and analyzed to identify applicable configuration settings for real-world applications. To determine the quality of an SDN configuration, its packet flow is an important indicator for the analysis. This work presents an interactive system for the analysis of SDN data. An intuitive overview of the SDN hierarchy and the underlying packet flow is provided. The ability to track packets through the SDN and to interlink multiple views of the SDN forms an interactive analysis tool that is successfully applied to a simulated SDN dataset.
Citations: 2
Cesar: Visual representation of source code vulnerabilities
2016 IEEE Symposium on Visualization for Cyber Security (VizSec). Pub Date: 2016-10-01. DOI: 10.1109/VIZSEC.2016.7739576
Authors: Hala Assal, S. Chiasson, R. Biddle
Abstract: Code analysis tools are not widely accepted by developers, and software vulnerabilities are detected by the thousands every year. We take a user-centered approach to that problem, starting with an analysis of one of the popular open source static code analyzers, and uncover serious usability issues facing developers. We then design Cesar, a system offering developers a visual analysis environment to support their quest to rid their code of vulnerabilities. We present a prototype implementation of Cesar and perform a usability analysis of the prototype and the visualizations it employs. Our analysis shows that the prototype is promising in promoting collaboration and exploration, and in enabling developers to focus on the overall quality of their code as well as inspect individual vulnerabilities. We finally provide general recommendations to guide future designs of code review tools to enhance their usability.
Citations: 23
V3SPA: A visual analysis, exploration, and diffing tool for SELinux and SEAndroid security policies
2016 IEEE Symposium on Visualization for Cyber Security (VizSec). Pub Date: 2016-10-01. DOI: 10.1109/VIZSEC.2016.7739580
Authors: R. Gove
Abstract: SELinux policies have enormous potential to enforce granular security requirements, but the size and complexity of SELinux security policies make it challenging for security policy administrators to determine whether the implemented policy meets an organization's security requirements. To address the challenges in developing and maintaining SELinux security policies, this paper presents V3SPA (Verification, Validation and Visualization of Security Policy Abstractions). V3SPA is a tool that can import SELinux and Security Enhancements (SE) for Android source or binary policies and visualize them using two views: a policy explorer and a policy differ. The policy explorer supports users in exploring a policy and understanding the relationships defined by the policy. The diffing view is designed to support differential policy analysis, showing the changes between two versions of a policy. The main contributions of this paper are 1) the design of the policy explorer, and the design and novel use case for the policy differ, 2) a report on system design considerations that enable the graph visualizations to scale up to policies with tens of thousands of nodes and edges, and 3) a survey of five SELinux and SE for Android policy developers and analysts. The results of the survey indicate a need for tools such as V3SPA to help policy workers understand the big picture of large, complex security policies.
Citations: 11
Detecting malicious logins in enterprise networks using visualization
2016 IEEE Symposium on Visualization for Cyber Security (VizSec). Pub Date: 2016-10-01. DOI: 10.1109/VIZSEC.2016.7739582
Authors: Hossein Siadati, B. Saket, N. Memon
Abstract: Enterprise networks have been a frequent target of data breaches and sabotage. In a widely used method, attackers establish a foothold in the target network by compromising a single computer or account. They then move laterally between computers to access valuable resources and information located deeper inside the network. To move laterally, attackers often steal valid user credentials. This paper is based on the observation that an attacker's pattern of access with the stolen credentials, characterized in the form <User, Source, Destination>, deviates from benign patterns and can be used to detect malicious logins. In this paper, we present APT-Hunter, a visualization tool that helps security analysts explore login data to discover patterns and detect malicious logins. To evaluate the proposed system, a pilot study was conducted over an open dataset of more than one billion logins of an enterprise network, provided by Los Alamos National Lab (LANL). Using APT-Hunter, security analysts (unfamiliar with the dataset) were able to detect 349 of 749 malicious logins related to lateral movements performed by a Red Team during a penetration test conducted at LANL. APT-Hunter is currently deployed in a global financial company and helps security analysts detect account compromises.
Citations: 28
Visualizing a Malware Distribution Network
2016 IEEE Symposium on Visualization for Cyber Security (VizSec). Pub Date: 2016-10-01. DOI: 10.1109/VIZSEC.2016.7739585
Authors: Sebastian Peryt, J. Morales, W. Casey, A. Volkmann, B. Mishra, Yang Cai
Abstract: In this paper, we present a case study of visual analytics of a Malware Distribution Network (MDN), a connected set of maliciously compromised domains used to disseminate malicious software to victimize computers and users. We formally define the graph of an MDN to visualize top-level domain (TLD) data collected from Google Safe Browsing reports in a temporal manner, characterizing the topological structure. From the collected data, we were able to identify and label a TLD's role in malware distribution. The visual analytics provided insights into the topological structure of MDNs over time, including highly connected and persistent TLDs and subnetworks.
Citations: 8
Uncovering periodic network signals of cyber attacks
2016 IEEE Symposium on Visualization for Cyber Security (VizSec). Pub Date: 2016-10-01. DOI: 10.1109/VIZSEC.2016.7739581
Authors: Huynh Ngoc Anh, W. Ng, Alex Ulmer, J. Kohlhammer
Abstract: This paper addresses the problem of detecting the presence of malware that leaves periodic traces in network traffic. This characteristic behavior of malware was found to be surprisingly prevalent in a parallel study. To this end, we propose a visual analytics solution that supports both automatic detection and manual inspection of periodic signals hidden in network traffic. The detected periodic signals are visually verified in an overview using a circular graph and two stacked histograms, as well as in detail using deep packet inspection. Our approach offers the capability to detect complex periodic patterns, but avoids the unverifiability issue often encountered in related work. The periodicity assumption imposed on malware behavior is a relatively weak assumption, but initial evaluations with a simulated scenario as well as a publicly available network capture demonstrate its applicability.
Citations: 18
Visualization of actionable knowledge to mitigate DRDoS attacks
2016 IEEE Symposium on Visualization for Cyber Security (VizSec). Pub Date: 2016-10-01. DOI: 10.1109/VIZSEC.2016.7739577
Authors: Michaël Aupetit, Yury Zhauniarovich, G. Vasiliadis, M. Dacier, Yazan Boshmaf
Abstract: Distributed Reflective Denial of Service (DRDoS) attacks represent an ever-growing security threat. These attacks are characterized by spoofed UDP traffic that is sent to genuine machines, called amplifiers, whose response to the spoofed IP, i.e. the victim machine, is amplified and can be 500 times larger in size than the originating request. In this paper, we provide a method and a tool for Internet Service Providers (ISPs) to assess and visualize the amount of traffic that enters and leaves their network when it contains innocent amplifiers. We show that amplified traffic usually goes undetected and can consume significant bandwidth, even when only a small number of amplifiers is present. The tool also enables ISPs to simulate various rule-based mitigation strategies and estimate their impact, based on real-world data obtained from amplification honeypots.
Citations: 20