Visualizing traffic causality for analyzing network anomalies

IWSPA 2015 - Proceedings of the 2015 ACM International Workshop on Security and Privacy Analytics, Co-located with CODASPY 2015

Volumn , Issue , 2015, Pages 37-42

  Zhang, Hao ^a   Sun, Maoyuan ^a   Yao, Danfeng ^a   North, Chris ^a  

^a Virginia Polytechnic Institute and State University   (United States)

Author keywords

Anomaly detection; Information visualization; Network traffic analysis; Usable security; Visual locality

Indexed keywords

ANOMALY DETECTION; COMPLEX NETWORKS; INFORMATION SYSTEMS; KNOWLEDGE MANAGEMENT; MALWARE;

DOMAIN KNOWLEDGE; INFORMATION VISUALIZATION; MONITORING NETWORK; NETWORK ACTIVITIES; NETWORK ANOMALIES; NETWORK TRAFFIC ANALYSIS; USABLE SECURITY; VISUAL LOCALITY;

NETWORK SECURITY;

EID: 84928319653     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2713579.2713583     Document Type: Conference Paper

References (25)

1. H. Asai, K. Fukuda, and H. Esaki. Traffic Causality Graphs: Profiling network applications through temporal and spatial causality of flows. In ITC'11, pages 95-102, 2011.
2. D. M. Best, S. Bohn, D. Love, A. Wynne, and W. A. Pike. Real-time visualization of network behaviors for situational awareness. In VizSec'10, pages 79-90, 2010.
3. A. Boschetti, L. Salgarelli, C. Muelder, and K.-L. Ma. TVi: a visual querying system for network monitoring and anomaly detection. In VizSec'11, page 1, 2011.
4. X. Chen, M. Zhang, Z. M. Mao, and P. Bahl. Automating network application dependency discovery: Experiences, limitations, and new solutions. In OSDI'08, pages 117-130.
5. G. Conti, K. Abdullah, J. Grizzard, J. Stasko, J. A. Copeland, M. Ahamad, H. L. Owen, and C. Lee. Countering security information overload through alert and packet visualization. Computer Graphics & Applications, IEEE, 26(2):60-70, 2006.
6. D3.js: a JavaScript library to display given digital data into graphic, dynamic forms. http://d3js.org.
7. G. A. Fink, P. Muessig, and C. North. Visual correlation of host processes and network traffic. In VizSec'05, page 2, 2005.
8. J. Fonseca, M. Vieira, and H. Madeira. Vulnerability & attack injection for web applications. In DSN'09, pages 93-102, 2009.
9. J. R. Goodall. Visualization is better! A comparative evaluation. In VizSec'09, pages 57-68, 2009.
10. M. Iliofotou, P. Pappu, M. Faloutsos, M. Mitzenmacher, S. Singh, and G. Varghese. Network monitoring using traffic dispersion graphs (TDGs). In IMC'07, pages 315-320, 2007.
11. D. A. Keim, F. Mansmann, J. Schneidewind, and T. Schreck. Monitoring network traffic with radial traffic analyzer. In VAST'06, pages 123-128, 2006.
12. S. T. King, Z. M. Mao, D. G. Lucchetti, and P. M. Chen. Enriching intrusion alerts through multi-host causality. In NDSS'05, 2005.
13. H. Koike and K. Ohno. SnortView: Visualization system of Snort logs. In VizSEC/DMSEC'04, pages 143-147, 2004.
14. Z. Li, M. Zhang, Z. Zhu, Y. Chen, A. G. Greenberg, and Y.-M. Wang. WebProphet: Automating performance prediction for web services. In NSDI'10, pages 143-158, 2010.
15. Malware domain list. http://www.malwaredomainlist.com.
16. Suspicious domains from SANS institute. https://isc.sans.edu/suspicious-domains.html.
17. H. Shiravi, A. Shiravi, and A. A. Ghorbani. A survey of visualization systems for network security. IEEE Trans. Vis. Comput. Graph., 18(8):1313-1329, 2012.
18. H. Song, C. Muelder, and K.-L. Ma. Crucial nodes centric visual monitoring and analysis of computer networks. In CyberSecurity, pages 16-23, 2012.
19. G. Xie, M. Iliofotou, T. Karagiannis, M. Faloutsos, and Y. Jin. ReSurf: Reconstructing web-surfing activity from network traffic. In IFIP Networking Conference, pages 1-9, 2013.
20. K. Xu, D. Yao, Q. Ma, and A. Crowell. Detecting infection onset with behavior-based policies. In NSS'11, pages 57-64.
21. L. Xu, Z. Zhan, S. Xu, and K. Ye. Cross-layer detection of malicious websites. In CODASPY'13, pages 141-152, 2013.
22. W. Yu and R. M. Verma. Visualization of rule-based programming. In SAC'08, pages 1258-1259, 2008.
23. ZeuS tracker domain blocklist. https://zeustracker.abuse.ch/blocklist.php.
24. H. Zhang, W. Banick, D. Yao, and N. Ramakrishnan. User intention-based traffic dependence analysis for anomaly detection. In Security and Privacy Workshops (SPW), 2012 IEEE Symposium on, pages 104-112, 2012.
25. H. Zhang, D. Yao, and N. Ramakrishnan. Detection of stealthy malware activities with traffic causality and scalable triggering relation discovery. In ASIACCS'14, pages 39-50, 2014.