A visual analytics approach to detecting server redirections and data exfiltration

How to better find potential cyberattacks is a challenging question for security researchers and practitioners. In recent years, visualization has been applied to the analysis of cybersecurity issues, but most work has not been able to perform better than non-visualization-based techniques. In this paper, we innovatively designed a visual analytics system that allows analysts to overview network traffic and identify such suspicious activities as server redirection attacks and data exfiltration. Because of the nature of the problem, the overview design must be scalable, accurate, and fast. By aggregating traffic data along the two dimensions of duration and payload, the system reveals key network traffic characteristics that let the analyst identify security events. The system is evaluated with the test data sets from VAST 2013 mini-challenge 3. The results are very encouraging and shed a more positive light on applying visual analytics in information security.