A Visualization Scheme for Network Forensics Based on Attribute Oriented Induction Based Frequent Item Mining and Hyper Graph

  • Conference paper
  • In: Digital Forensics and Cyber Crime (ICDF2C 2017)

Abstract

Visualizing massive network traffic flows or security logs can facilitate network forensics, such as the detection of anomalies. However, existing visualization methods generally do not scale well, or are not suited to dealing with large datasets. Thus, in this paper, we propose a visualization scheme in which an attribute-oriented induction-based frequent-item mining algorithm (AOI-FIM) is used to extract attack patterns hidden in a large dataset. We also leverage hypergraphs to display the multi-attribute associations of the extracted patterns. An interaction module designed to help forensic analysts fetch event information from the database and identify unknown attack patterns is also presented. We then demonstrate the utility of our approach (i.e. using both frequent item mining and hypergraphs to deal with visualization problems in network forensics).


Acknowledgment

This work is supported by the National Natural Science Foundation of China (No. 91646120, 61402124, 61572469, 61402022) and the Key Lab of Information Network Security, Ministry of Public Security (No. C17614).

Corresponding author

Correspondence to Min Yu.

Copyright information

© 2018 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Jiang, J., Chen, J., Choo, KK.R., Liu, C., Liu, K., Yu, M. (2018). A Visualization Scheme for Network Forensics Based on Attribute Oriented Induction Based Frequent Item Mining and Hyper Graph. In: Matoušek, P., Schmiedecker, M. (eds) Digital Forensics and Cyber Crime. ICDF2C 2017. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 216. Springer, Cham. https://doi.org/10.1007/978-3-319-73697-6_10

  • DOI: https://doi.org/10.1007/978-3-319-73697-6_10

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-73696-9

  • Online ISBN: 978-3-319-73697-6