Abstract
Intrusion Detection Systems can detect attacks and notify responsible people of these events automatically. However, seeing individual attacks, although useful, is often not enough to understand about the whole attacking process as well as the skills and motivations of the attackers. Attacking step is usually just a phase in the whole intrusion process, in which attackers gather information and prepare required conditions before executing it, and clear log records to hide their traces after executing it. Current approaches to constructing attack scenarios require pre-defining of cause and effect relationships between events, which is a difficult and time-consuming task. In this work, we exploit the linking nature between pages in web applications to propose an attack scenario construction technique without the need of cause and effect relationships pre-definition. Built scenarios are then visualized in space and time coordinate systems to support viewing and analysis. We also develop a prototype implementation based on the proposal and use it to experiment with different simulated attack scenarios.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Roesch, M.: Snort-Lightweight Intrusion Detection For Networks. In: 13th USENIX Conference on System Administration, pp. 229–238. USENIX Association (1999)
Paxson, V.: Bro: a System for Detecting Network Intruders in Real-time. Computer Networks 31, 2435–2463 (1999)
Erbacher, R.F., Walker, K.L., Frincke, D.A.: Intrusion and Misuse Detection in Large-Scale Systems. IEEE Computer Graphics and Applications 22(1), 38–47 (2002)
Livnat, Y., Agutter, J., Moon, S., Erbacher, R.F., Foresti, S.: A Visualization Paradigm for Network Intrusion Detection. In: 6th Annual IEEE SMC Information Assurance Workshop, pp. 92–99. IEEE, West Point (2005)
Dang, T.T., Dang, T.K.: Visualization of Web Form Submissions for Security Analysis. International Journal of Web Information Systems Information 9(2), 165–180 (2013)
Dang, T.T., Dang, T.K.: A Visual Model for Web Applications Security Monitoring. In: 2011 IEEE International Conference on Information Security and Intelligence Control, pp. 158–162. IEEE (2011)
Debar, H., Wespi, A.: Aggregation and Correlation of Intrusion-Detection Alerts. In: Lee, W., Mé, L., Wespi, A. (eds.) RAID 2001. LNCS, vol. 2212, pp. 85–103. Springer, Heidelberg (2001)
Ning, P., Cui, Y., Reeves, D.S.: Constructing Attack Scenarios Through Correlation of Intrusion Alerts. In: 9th ACM Conference on Computer and Communications Security, pp. 245–254. ACM, New York (2002)
Lee, J., Podlaseck, M., Schonberg, E., Hoch, R.: Visualization and Analysis of Clickstream Data of Online Stores for Understanding Web Merchandising. Data Mining and Knowledge Discovery 5, 59–84 (2001)
Kawamoto, M., Itoh, T.: A Visualization Technique for Access Patterns and Link Structures of Web Sites. In: 14th International Conference Information Visualization, pp. 11–16. IEEE Computer Society, Washington (2010)
Google Analytics. http://www.google.com/analytics/
Webtrends. http://webtrends.com/
Spiliopoulou, M., Mobasher, B., Berendt, B., Nakagawa, M.: A Framework for the Evaluation of Session Reconstruction Heuristics in Web-Usage Analysis. INFORMS Journal on Computing 15, 171–190 (2003)
Srivastava, J., Cooley, R., Deshpande, M., Tan, P.N.: Web Usage Mining: Discovery and Applications of Usage Patterns from Web Data. SIGKDD Explorations Newsletter 1, 12–23 (2000)
Johnson, B., Shneiderman, B.: Tree-Maps: a Space-Filling Approach to the Visualization of Hierarchical Information Structures. In: 2nd Conference on Visualization, pp. 284–291. IEEE Computer Society Press, Los Alamitos (1991)
Apache HTTP Server. http://httpd.apache.org/
Java DB. http://www.oracle.com/technetwork/java/javadb/index.html
PHPIDS. http://www.phpids.org/
MySQL. http://www.mysql.com/
Subgraph Vega. http://subgraph.com/products.html
OWASP Zed Attack Proxy Project. https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
Acunetix Web Vulnerability Scanner. http://www.acunetix.com/
Plaisant, C.: The Challenge of Information Visualization Evaluation. In: International Working Conference on Advanced Visual Interfaces, pp. 109–116. ACM, New York (2004)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Dang, T.T., Dang, T.K. (2014). Visualizing Web Attack Scenarios in Space and Time Coordinate Systems. In: Hameurlain, A., Küng, J., Wagner, R., Dang, T., Thoai, N. (eds) Transactions on Large-Scale Data- and Knowledge-Centered Systems XVI. Lecture Notes in Computer Science(), vol 8960. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-45947-8_1
Download citation
DOI: https://doi.org/10.1007/978-3-662-45947-8_1
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-45946-1
Online ISBN: 978-3-662-45947-8
eBook Packages: Computer ScienceComputer Science (R0)