Countering network-level denial of information attacks using information visualization

We are besieged with information every day: our inboxes overflow with spam, and our search queries return a great deal of irrelevant information. In most cases there is no malicious intent, just simply too much information. However, if we consider active malicious entities, the picture darkens. Denial of information (DoI) attacks assail the human through their computer system and manifest themselves as attacks that target the human's perceptual, cognitive and motor capabilities. By exploiting these capabilities, attackers reduce our ability to acquire and act upon desired information. Even if a traditional denial of service attack against a machine is not possible, the human utilizing the machine may still succumb to a DoI attack. When successful, DoI attacks actively alter our decision making, often without our knowledge. In this dissertation, we address the problem of countering DoI attacks. We begin by presenting a taxonomy and framework of DoI attacks and countermeasures to add structure to the problem space. We then closely examine the use of information visualization as a countermeasure. Information visualization is a powerful technique that taps into the high-bandwidth visual recognition capability of the human and is well suited to resisting DoI attacks. Unfortunately, most information visualization systems are designed without a clear emphasis on protecting the human from malicious activity. To address this issue, we present a general framework for information visualization system security analysis. We then delve deeply into countering DoI in the network security domain, using carefully crafted information visualization techniques to build a DoI-attack-resistant security visualization system. By creating such a system, we raise the bar on adversaries, who now must cope with visualization-enhanced humans in addition to traditional automated intrusion detection systems and text-based analysis tools. We conclude with a human-centric evaluation to demonstrate our system's effectiveness.
