Uncovering periodic network signals of cyber attacks
Author: | Jörn Kohlhammer, Ngoc Anh Huynh, Wee Keong Ng, Alex Ulmer |
---|---|
Publication year: | 2016 |
Subject: | Visual analytics; 021103 operations research; Computer science; Detector; 0211 other engineering and technologies; 020207 software engineering; Deep packet inspection; 02 engineering and technology; Intrusion detection system; computer.software_genre; Visualization; Histogram; 0202 electrical engineering, electronic engineering, information engineering; Malware; Data mining; Time series; computer |
Source: | VizSEC |
DOI: | 10.1109/vizsec.2016.7739581 |
Description: | This paper addresses the problem of detecting the presence of malware that leave periodic traces in network traffic. This characteristic behavior of malware was found to be surprisingly prevalent in a parallel study. To this end, we propose a visual analytics solution that supports both automatic detection and manual inspection of periodic signals hidden in network traffic. The detected periodic signals are visually verified in an overview using a circular graph and two stacked histograms as well as in detail using deep packet inspection. Our approach offers the capability to detect complex periodic patterns, but avoids the unverifiability issue often encountered in related work. The periodicity assumption imposed on malware behavior is a relatively weak assumption, but initial evaluations with a simulated scenario as well as a publicly available network capture demonstrate its applicability. |
Database: | OpenAIRE |