Visual Analytics for Improving Efficiency of Network Forensics: Account Theft Investigation

In this paper, we propose a technique and tools for visual analytics in network forensic investigation. It is expected that experts will be able to reduce the time required for analysis and for producing easily readable evidence, timelines and presentations for the court. Using an account theft cyber-attack investigation as an example, we also propose a technique for classifying different aspects (slices) of network traffic. An evaluation of the technique and recommendations for its use are also presented.
