Skip to main content
SpringerLink
Log in

Visualizing Web Attack Scenarios in Space and Time Coordinate Systems

  • Chapter
  • First Online:
Transactions on Large-Scale Data- and Knowledge-Centered Systems XVI

Part of the book series: Lecture Notes in Computer Science ((TLDKS,volume 8960))

Abstract

Intrusion Detection Systems can detect attacks and notify responsible people of these events automatically. However, seeing individual attacks, although useful, is often not enough to understand about the whole attacking process as well as the skills and motivations of the attackers. Attacking step is usually just a phase in the whole intrusion process, in which attackers gather information and prepare required conditions before executing it, and clear log records to hide their traces after executing it. Current approaches to constructing attack scenarios require pre-defining of cause and effect relationships between events, which is a difficult and time-consuming task. In this work, we exploit the linking nature between pages in web applications to propose an attack scenario construction technique without the need of cause and effect relationships pre-definition. Built scenarios are then visualized in space and time coordinate systems to support viewing and analysis. We also develop a prototype implementation based on the proposal and use it to experiment with different simulated attack scenarios.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
eBook
USD 16.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 16.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Roesch, M.: Snort-Lightweight Intrusion Detection For Networks. In: 13th USENIX Conference on System Administration, pp. 229–238. USENIX Association (1999)

    Google Scholar 

  2. Paxson, V.: Bro: a System for Detecting Network Intruders in Real-time. Computer Networks 31, 2435–2463 (1999)

    Article  Google Scholar 

  3. Erbacher, R.F., Walker, K.L., Frincke, D.A.: Intrusion and Misuse Detection in Large-Scale Systems. IEEE Computer Graphics and Applications 22(1), 38–47 (2002)

    Article  Google Scholar 

  4. Livnat, Y., Agutter, J., Moon, S., Erbacher, R.F., Foresti, S.: A Visualization Paradigm for Network Intrusion Detection. In: 6th Annual IEEE SMC Information Assurance Workshop, pp. 92–99. IEEE, West Point (2005)

    Google Scholar 

  5. Dang, T.T., Dang, T.K.: Visualization of Web Form Submissions for Security Analysis. International Journal of Web Information Systems Information 9(2), 165–180 (2013)

    Article  Google Scholar 

  6. Dang, T.T., Dang, T.K.: A Visual Model for Web Applications Security Monitoring. In: 2011 IEEE International Conference on Information Security and Intelligence Control, pp. 158–162. IEEE (2011)

    Google Scholar 

  7. Debar, H., Wespi, A.: Aggregation and Correlation of Intrusion-Detection Alerts. In: Lee, W., Mé, L., Wespi, A. (eds.) RAID 2001. LNCS, vol. 2212, pp. 85–103. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  8. Ning, P., Cui, Y., Reeves, D.S.: Constructing Attack Scenarios Through Correlation of Intrusion Alerts. In: 9th ACM Conference on Computer and Communications Security, pp. 245–254. ACM, New York (2002)

    Google Scholar 

  9. Lee, J., Podlaseck, M., Schonberg, E., Hoch, R.: Visualization and Analysis of Clickstream Data of Online Stores for Understanding Web Merchandising. Data Mining and Knowledge Discovery 5, 59–84 (2001)

    Article  Google Scholar 

  10. Kawamoto, M., Itoh, T.: A Visualization Technique for Access Patterns and Link Structures of Web Sites. In: 14th International Conference Information Visualization, pp. 11–16. IEEE Computer Society, Washington (2010)

    Google Scholar 

  11. Google Analytics. http://www.google.com/analytics/

  12. Webtrends. http://webtrends.com/

  13. Spiliopoulou, M., Mobasher, B., Berendt, B., Nakagawa, M.: A Framework for the Evaluation of Session Reconstruction Heuristics in Web-Usage Analysis. INFORMS Journal on Computing 15, 171–190 (2003)

    Article  MATH  Google Scholar 

  14. Srivastava, J., Cooley, R., Deshpande, M., Tan, P.N.: Web Usage Mining: Discovery and Applications of Usage Patterns from Web Data. SIGKDD Explorations Newsletter 1, 12–23 (2000)

    Article  Google Scholar 

  15. Johnson, B., Shneiderman, B.: Tree-Maps: a Space-Filling Approach to the Visualization of Hierarchical Information Structures. In: 2nd Conference on Visualization, pp. 284–291. IEEE Computer Society Press, Los Alamitos (1991)

    Google Scholar 

  16. Apache HTTP Server. http://httpd.apache.org/

  17. Java DB. http://www.oracle.com/technetwork/java/javadb/index.html

  18. PHPIDS. http://www.phpids.org/

  19. MySQL. http://www.mysql.com/

  20. Subgraph Vega. http://subgraph.com/products.html

  21. OWASP Zed Attack Proxy Project. https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project

  22. Acunetix Web Vulnerability Scanner. http://www.acunetix.com/

  23. Plaisant, C.: The Challenge of Information Visualization Evaluation. In: International Working Conference on Advanced Visual Interfaces, pp. 109–116. ACM, New York (2004)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Ho Chi Minh City University of Technology, VNU-HCM, Ho Chi Minh City, Vietnam

    Tran Tri Dang & Tran Khanh Dang

Authors
  1. Tran Tri Dang
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Tran Khanh Dang
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Tran Tri Dang .

Editor information

Editors and Affiliations

  1. IRIT, Paul Sabatier University, Toulouse, France

    Abdelkader Hameurlain

  2. FAW, University of Linz, Linz, Austria

    Josef Küng

  3. FAW, University of Linz, Linz, Austria

    Roland Wagner

  4. Ho Chi Minh City University of Technology, Ho Chi Minh City, Vietnam

    Tran Khanh Dang

  5. Ho Chi Minh City University of Technology, Ho Chi Minh City, Vietnam

    Nam Thoai

Rights and permissions

Reprints and permissions

Copyright information

© 2014 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

Dang, T.T., Dang, T.K. (2014). Visualizing Web Attack Scenarios in Space and Time Coordinate Systems. In: Hameurlain, A., Küng, J., Wagner, R., Dang, T., Thoai, N. (eds) Transactions on Large-Scale Data- and Knowledge-Centered Systems XVI. Lecture Notes in Computer Science(), vol 8960. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-45947-8_1

Download citation

  • DOI: https://doi.org/10.1007/978-3-662-45947-8_1

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-662-45946-1

  • Online ISBN: 978-3-662-45947-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation