A Visualization Scheme for Network Forensics Based on Attribute Oriented Induction Based Frequent Item Mining and Hyper Graph

Visualizing massive network traffic flows or security logs can facilitate network forensics, such as the detection of anomalies. However, existing visualization methods generally do not scale well, or are not suited to large datasets. Thus, in this paper, we propose a visualization scheme in which an attribute-oriented induction-based frequent-item mining algorithm (AOI-FIM) is used to extract attack patterns hidden in a large dataset. We also leverage hypergraphs to display the multi-attribute associations of the extracted patterns. An interaction module designed to help forensic analysts fetch event information from the database and identify unknown attack patterns is also presented. We then demonstrate the utility of our approach (i.e. using both frequent item mining and hypergraphs to deal with visualization problems in network forensics).
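As an added illustration (not the paper's code, and not its exact AOI-FIM algorithm), the following Python sketch shows the two ideas the abstract combines on constructed flow records: an attribute-oriented induction step generalizes each raw attribute one level up a concept hierarchy, frequent itemsets are then mined over the generalized records, and every frequent itemset is emitted as a weighted hyperedge whose vertices are attribute=value labels. The /24 and service-class hierarchies and the sample flows are assumptions made for the example.

```python
from collections import Counter
from itertools import combinations
from ipaddress import ip_network

# Constructed sample flows (not the paper's dataset): one /24 sweeping SSH
# across several hosts in 192.168.1.0/24, plus some unrelated traffic.
FLOWS = [
    {"src": "10.0.0.5", "dst": "192.168.1.10", "dport": 22, "proto": "tcp"},
    {"src": "10.0.0.5", "dst": "192.168.1.11", "dport": 22, "proto": "tcp"},
    {"src": "10.0.0.5", "dst": "192.168.1.12", "dport": 22, "proto": "tcp"},
    {"src": "10.0.0.9", "dst": "192.168.1.13", "dport": 22, "proto": "tcp"},
    {"src": "172.16.3.2", "dst": "192.168.1.10", "dport": 443, "proto": "tcp"},
    {"src": "172.16.3.7", "dst": "192.168.1.20", "dport": 53, "proto": "udp"},
]

# Concept hierarchy for ports (assumed for this example): port -> service class.
SERVICE = {22: "ssh", 80: "web", 443: "web", 53: "dns"}

def generalize(flow):
    """Attribute-oriented induction step: raise each attribute one level in its
    concept hierarchy (host -> /24 subnet, port -> service class), so many
    distinct raw records collapse onto a few generalized tuples."""
    return {
        "src": str(ip_network(flow["src"] + "/24", strict=False)),
        "dst": str(ip_network(flow["dst"] + "/24", strict=False)),
        "svc": SERVICE.get(flow["dport"], "other"),
        "proto": flow["proto"],
    }

def frequent_itemsets(flows, min_support, max_size=4):
    """Count every combination of (attribute, value) items in each generalized
    record and keep those present in at least min_support records."""
    counts = Counter()
    for flow in flows:
        items = sorted(generalize(flow).items())
        for k in range(2, max_size + 1):
            counts.update(combinations(items, k))
    return {c: n for c, n in counts.items() if n >= min_support}

def hyperedges(frequent):
    """Each frequent itemset becomes one weighted hyperedge over 'attr=value'
    vertices; an edge with 3+ vertices is exactly the multi-attribute
    association that a plain graph edge between two nodes cannot show."""
    edges = [(frozenset(f"{a}={v}" for a, v in c), n) for c, n in frequent.items()]
    return sorted(edges, key=lambda e: (-e[1], sorted(e[0])))

if __name__ == "__main__":
    for vertices, support in hyperedges(frequent_itemsets(FLOWS, min_support=3)):
        print(support, sorted(vertices))
```

With min_support=3 the four raw SSH flows collapse into a single generalized tuple, so the four-vertex hyperedge {src=10.0.0.0/24, dst=192.168.1.0/24, svc=ssh, proto=tcp} surfaces with support 4 while the unrelated web and DNS flows never reach the threshold.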
