Fraunhofer-Gesellschaft

Publica

Here you will find scientific publications from the Fraunhofer Institutes.

Uncovering periodic network signals of cyber attacks

 
: Huynh, Ngoc Anh; Ng, Wee Keong; Ulmer, Alex; Kohlhammer, Jörn

Best, Daniel M. (General Chair) ; Institute of Electrical and Electronics Engineers -IEEE-:
IEEE Symposium on Visualization for Cyber Security, VizSec 2016 : Baltimore, Maryland, USA, October 24, 2016
Piscataway, NJ: IEEE, 2016
ISBN: 978-1-5090-1606-8 (Print)
ISBN: 978-1-5090-1605-1
8 pp.
Symposium on Visualization for Cyber Security (VizSec) <2016, Baltimore/Md.>
English
Conference paper
Fraunhofer IGD
intrusion detection; Visual analytics; histograms; Guiding Theme: Digitized Work; Research Area: Human computer interaction (HCI); Research Area: Modeling (MOD)

Abstract
This paper addresses the problem of detecting the presence of malware that leaves periodic traces in network traffic. This characteristic behavior of malware was found to be surprisingly prevalent in a parallel study. To this end, we propose a visual analytics solution that supports both automatic detection and manual inspection of periodic signals hidden in network traffic. The detected periodic signals are visually verified in an overview using a circular graph and two stacked histograms as well as in detail using deep packet inspection. Our approach offers the capability to detect complex periodic patterns, but avoids the unverifiability issue often encountered in related work. The periodicity assumption imposed on malware behavior is a relatively weak assumption, but initial evaluations with a simulated scenario as well as a publicly available network capture demonstrate its applicability.

URL: http://publica.fraunhofer.de/dokumente/N-428866.html