DOI: 10.1145/1029208.1029228

Scalable visualization of propagating internet phenomena

Published: 29 October 2004

Abstract

The Internet has recently been impacted by a number of large distributed attacks that achieve exponential growth through self-propagation. Some of these attacks have exploited vulnerabilities for which advisories had been issued and for which patches and detection signatures were available. It is increasingly apparent, however, that such prevention and detection mechanisms are inadequate, and that the attacker's time to exploit is shrinking relative to the defender's ability to learn of a new attack and patch systems or update intrusion detection signatures. We introduce visual, scalable techniques to detect phenomena such as distributed denial-of-service attacks and worms. It is hoped that these new approaches will enable detection of such events at an early stage and enable local response actions even before the publication of advisories about a new vulnerability and the availability of patches.



Published In

VizSEC/DMSEC '04: Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
October 2004
156 pages
ISBN:1581139748
DOI:10.1145/1029208
Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. data mining
  2. internet worms
  3. intrusion detection
  4. scalable visualization

Qualifiers

  • Article

Conference

CCS04