Visual Analysis of Program Flow Data with Data Propagation

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 5210)

Abstract

Host-based program monitoring tools are an essential part of maintaining system integrity in the face of growing malicious network activity. As systems become more complex, the quantity of data collected by these tools often grows beyond what analysts can comprehend in a short amount of time. In this paper, we present a method for visual exploration of a system's program flow over time to aid in the detection and identification of significant events. The method automatically accentuates programs with irregular file access and child process propagation, which results in more efficient forensic analysis and shorter system recovery times.



Editor information

John R. Goodall, Gregory Conti, Kwan-Liu Ma

Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Xia, Y., Fairbanks, K., Owen, H. (2008). Visual Analysis of Program Flow Data with Data Propagation. In: Goodall, J.R., Conti, G., Ma, KL. (eds) Visualization for Computer Security. VizSec 2008. Lecture Notes in Computer Science, vol 5210. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-85933-8_3

  • DOI: https://doi.org/10.1007/978-3-540-85933-8_3

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-85931-4

  • Online ISBN: 978-3-540-85933-8