http://dx.doi.org/10.13089/JKIISC.2012.22.6.1315

A Method for Detection and Classification of Normal Server Activities and Attacks Composed of Similar Connection Patterns

Chang, Beom-Hwan (Howon University)
Abstract
Security visualization applies data visualization techniques to security-related events in the field of network security, so that network traffic flow and the current security situation can be understood quickly and easily. In particular, security visualization that detects abnormal situations by visualizing the connections between two endpoints is a novel approach for detecting unknown attack patterns and for reducing the monitoring overhead of packet-level monitoring techniques. However, session-based visualization cannot distinguish normal traffic from attacks when both are composed of similar connection patterns. Therefore, in this paper we propose an efficient session-based visualization method for analyzing and distinguishing normal server activities from attacks, using IP address splitting and port attribute analysis. Because the proposed method does not depend on other security monitoring methods, it can be used together with existing security tools to detect and analyze network security. It also helps network administrators rapidly analyze the security status of the networks they manage.
Keywords
Network Security; Security Visualization; Network Attack Detection;
Citations & Related Records
Times Cited By KSCI: 1