On detection and visualization techniques for cyber security situation awareness

Networking technologies are growing exponentially to meet worldwide communication requirements. The rapid growth and pervasiveness of network communications pose serious security issues. In this paper, we aim to develop an integrated network defense system with situation awareness capabilities that presents useful information to human analysts. In particular, we implement a prototypical system that includes both distributed passive and active network sensors and traffic visualization features, such as 1D, 2D and 3D network traffic displays. To detect attacks effectively, we also implement algorithms that transform real-world IP address data into images, study the patterns of attacks, and use both a discrete wavelet transform (DWT) based scheme and a statistics-based scheme to detect attacks. Through an extensive simulation study, our data validate the effectiveness of the implemented defense system.
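As an added illustration (not the paper's code; the abstract gives no algorithm details, so the constructed count series, the Haar wavelet, the baseline window and the thresholds `k` are all assumptions), here are minimal versions of the two detection schemes the abstract names, a DWT-based one and a statistics-based one, run on the same constructed per-second connection-count series:

```python
import numpy as np

# Constructed input (not measured data): 64 seconds of steady background traffic
# around 20 connections/s with a burst of 200 connections/s injected at seconds 41..48.
_pattern = np.array([0, 1, -1, 2, 0, -2, 1, 0], dtype=float)
counts = 20.0 + np.tile(_pattern, 8)
counts[41:49] = 200.0


def haar_dwt(x, levels):
    """Multi-level 1D Haar DWT. Returns (approximation, [detail_level1, ...]).
    Level-1 detail coefficient i compares samples 2i and 2i+1 of the input."""
    x = np.asarray(x, dtype=float)
    details = []
    for _ in range(levels):
        if len(x) % 2:                      # pad odd lengths by repeating the last sample
            x = np.append(x, x[-1])
        details.append((x[0::2] - x[1::2]) / 2.0)
        x = (x[0::2] + x[1::2]) / 2.0
    return x, details


def dwt_detect(x, levels=3, k=5.0):
    """DWT-based scheme (assumed design): flag the sample indices whose level-1
    detail coefficient is an outlier under a robust median/MAD threshold.
    Sharp edges (burst onset and end) appear as large detail coefficients."""
    _, details = haar_dwt(x, levels)
    d1 = details[0]
    dev = np.abs(d1 - np.median(d1))
    mad = float(np.median(dev)) or 1e-9      # guard against a zero MAD
    hits = np.flatnonzero(dev > k * 1.4826 * mad)
    # each coefficient covers two samples; report both so the analyst sees the interval
    return sorted({int(2 * i) for i in hits} | {int(2 * i + 1) for i in hits})


def stat_detect(x, train=32, k=4.0):
    """Statistics-based scheme (assumed design): z-score every sample against the
    mean and standard deviation of the first `train` samples, treated as an
    attack-free baseline, and flag those beyond k standard deviations."""
    x = np.asarray(x, dtype=float)
    mu, sigma = x[:train].mean(), float(x[:train].std()) or 1e-9
    return [int(i) for i in np.flatnonzero(np.abs(x - mu) / sigma > k)]


if __name__ == "__main__":
    print("DWT scheme flags seconds:", dwt_detect(counts))    # edges of the burst
    print("statistical scheme flags:", stat_detect(counts))   # whole burst body
```

The two schemes are complementary: the DWT edges localise when the burst starts and stops, while the z-score marks every second the traffic level stays abnormal.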