- Sponsor: SIGSAC
This volume contains the papers presented at the CCS Workshop on Visualization and Data Mining for Computer Security. VizSec/DMSec 2004 was held on October 29th, 2004 at George Mason University in conjunction with the Eleventh ACM Conference on Computer and Communications Security.
Information about security on large and complex computer networks is high volume, heterogeneous, distributed, and dynamic over time. This workshop brought together researchers from two complementary approaches for processing high-dimensional data into knowledge: visualization and data mining. Visualization represents high-dimension security data in 2D/3D graphics and animations intended to facilitate quick inferences for situational awareness and focusing of attention on potential security events. Data mining focuses on algorithms to accurately detect patterns in high-dimension security data representing unauthorized system access or computer network attacks. The workshop received 36 paper submissions, from which the 13 long and 6 short papers that appear here were selected by the program committee.
Proceeding Downloads
User re-authentication via mouse movements
We present an approach to user re-authentication based on the data collected from the computer's mouse device. Our underlying hypothesis is that one can successfully model user behavior on the basis of user-invoked mouse movements. Our implemented ...
HMM profiles for network traffic classification
We present techniques for building HMM profiles for network applications using only the packet-level information that remains intact and observable after encryption, namely, packet size and arrival time. Using less information than previously thought ...
MORPHEUS: motif oriented representations to purge hostile events from unlabeled sequences
Most of the prevalent anomaly detection systems use some training data to build models. These models are then utilized to capture any deviations resulting from possible intrusions. The efficacy of such systems is highly dependent upon a training data ...
VisFlowConnect: netflow visualizations of link relationships for security situational awareness
We present a visualization design to enhance the ability of an administrator to detect and investigate anomalous traffic between a local network and external domains. Central to the design is a parallel axes view which displays NetFlow records as links ...
Combining visual and automated data mining for near-real-time anomaly detection and analysis in BGP
The security of Internet routing is a major concern because attacks and errors can result in data packets not reaching their intended destination and/or falling into the wrong hands. A key step in improving routing security is to analyze and understand ...
Passive visual fingerprinting of network attack tools
This paper examines the dramatic visual fingerprints left by a wide variety of popular network attack tools in order to better understand the specific methodologies used by attackers as well as the identifiable characteristics of the tools themselves. ...
Home-centric visualization of network traffic for security administration
Today's system administrators, burdened by rapidly increasing network activity, must quickly perceive the security state of their networks, but they often have only text-based tools to work with. These tools often provide no overview to help users grasp ...
NVisionIP: netflow visualizations of system state for security situational awareness
The number of attacks against large computer systems is currently growing at a rapid pace. Despite the best efforts of security analysts, large organizations are having trouble keeping on top of the current state of their networks. In this paper, we ...
PortVis: a tool for port-based detection of security events
Most visualizations of security-related network data require large amounts of finely detailed, high-dimensional data. However, in some cases, the data available can only be coarsely detailed because of security concerns or other limitations. How can ...
Visualizing Windows executable viruses using self-organizing maps
This paper concentrates on visualizing computer viruses without using virus specific signature information as a prior stage of the very important problem of detecting computer viruses. In this paper, we address the fact that each virus has its own ...
CyberSeer: 3D audio-visual immersion for network security and management
Large complex networks have become an inseparable part of modern society. However, very little has been done to develop tools to manage and ensure the security of such networks. Network operators continue to slave over endless daily logs and alerts in a ...
Combining a Bayesian classifier with visualisation: understanding the IDS
Despite several years of intensive study, intrusion detection systems still suffer from two key deficiencies: Low detection rates and a high rate of false alarms. To counteract these drawbacks an interactive detection system based on simple Bayesian ...
Managing attack graph complexity through visual hierarchical aggregation
We describe a framework for managing network attack graph complexity through interactive visualization, which includes hierarchical aggregation of graph elements. Aggregation collapses non-overlapping subgraphs of the attack graph to single graph ...
Scatter (and other) plots for visualizing user profiling data and network traffic
The scatterplot continues to be one of the most useful tools for visualizing numeric data, however what we typically encounter in Computer Security is categorical and/or textual in nature, and how to convert it into a form where scatterplots apply is ...
Scalable visualization of propagating internet phenomena
The Internet has recently been impacted by a number of large distributed attacks that achieve exponential growth through self-propagation. Some of these attacks have exploited vulnerabilities for which advisories had been issued and for which patches ...
Email archive analysis through graphical visualization
The analysis of the vast storehouse of email content accumulated or produced by individual users has received relatively little attention other than for specific tasks such as spam and virus filtering. Current email analysis in standard client ...
NVisionCC: a visualization framework for high performance cluster security
Large high performance clusters are gaining popularity as a means of harnessing vast computing resources at low cost using commodity components. Cluster system administrators face difficulty from two related problems. First, while several cluster ...
Statistical profiling and visualization for detection of malicious insider attacks on computer networks
The massive volume of intrusion detection system (IDS) alarms generated on large networks, and the resulting need for labor-intensive security analysis of the text-based IDS alarm logs, has recently brought into question the cost-effectiveness of IDSs. ...
SnortView: visualization system of snort logs
False detection is a major issue in deploying and maintaining Network-based Intrusion Detection Systems (NIDS). Traditionally, it is recommended to customize its signature database (DB) to reduce false detections. However, it requires quite deep ...
Cited By
- Wong P, Kao D, Hao M, Chen C, Ghoniem M, Shurkhovetskyy G, Bahey A and Otjacques B (2013). VAFLE: visual analytics of firewall log events. IS&T/SPIE Electronic Imaging, 10.1117/12.2037790, (901704), Online publication date: 23-Dec-2013.
- Ma K. Cyber security through visualization. Proceedings of the 2006 Asia-Pacific Symposium on Information Visualisation - Volume 60, (3-7)
- Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security