http://dx.doi.org/10.13089/JKIISC.2020.30.3.465

A Real-Time and Statistical Visualization Methodology of Cyber Threats Based on IP Addresses  

Moon, Hyeongwoo (Korea Institute of Science and Technology Information(KISTI))
Kwon, Taewoong (Korea Institute of Science and Technology Information(KISTI))
Lee, Jun (Korea Institute of Science and Technology Information(KISTI))
Ryou, Jaecheol (Chungnam National University)
Song, Jungsuk (Korea Institute of Science and Technology Information(KISTI))
Abstract
Regardless of whether they serve domestic or foreign governments and companies, SOCs (Security Operation Centers) operate 24 hours a day, every day of the year, to ensure the security of their IT infrastructures. However, almost all SOCs share a critical limitation by nature: they depend heavily on manual analysis by human analysts working with a text-based monitoring architecture. Although technologies for comprehensive visualization of complex cyber threats have been studied in order to overcome this drawback, most of them are inappropriate for security monitoring in large-scale networks. In this paper, to solve this problem, we propose a novel visual approach to intuitive threat monitoring by detecting suspicious IP addresses, which is an ultimate challenge in cyber security monitoring. In particular, the approach makes it possible to detect, trace and analyze suspicious IPs statistically in a real-time manner. As a result, the system implemented by the proposed method can be suitably applied and utilized in a real-world environment. Moreover, the usability of the approach is verified by successfully detecting and analyzing various attack IPs.
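The abstract describes detecting, tracing and analyzing suspicious IPs statistically in real time, but gives no mechanics. The following Python sketch is an added illustration of that general idea and is not code from the paper or its authors: it keeps a sliding window of IDS alerts per source IP, flags IPs whose alert count is a statistical outlier among the currently active sources (mean plus k standard deviations, a rule chosen for this example), and exposes a per-IP drill-down that a visualization front end could consume. The alert line format, the signature names and all sample data are constructed for the example.

```python
"""Per-source-IP sliding-window alert statistics with an outlier rule.

Added illustration only; the input format, threshold rule and sample data
are assumptions made for this example, not the paper's method.
"""
from collections import defaultdict, deque
import statistics

# Constructed sample alert lines: "<epoch_seconds> <src_ip> <dst_ip> <signature>".
# Eight benign sources raise one alert each; one source raises twelve.
BENIGN_ALERTS = [
    "1000 10.0.0.1 192.0.2.10 ET_POLICY",
    "1001 10.0.0.2 192.0.2.10 ET_POLICY",
    "1002 10.0.0.3 192.0.2.11 ET_INFO",
    "1003 10.0.0.4 192.0.2.11 ET_INFO",
    "1004 10.0.0.5 192.0.2.12 ET_POLICY",
    "1005 10.0.0.6 192.0.2.12 ET_INFO",
    "1006 10.0.0.7 192.0.2.13 ET_POLICY",
    "1007 10.0.0.8 192.0.2.13 ET_INFO",
]
NOISY_ALERTS = [
    f"{1010 + i} 10.0.0.99 192.0.2.{10 + i % 4} "
    f"{'ET_SCAN' if i < 8 else 'ET_EXPLOIT_ATTEMPT'}"
    for i in range(12)
]
SAMPLE_ALERTS = BENIGN_ALERTS + NOISY_ALERTS


def parse_alert(line):
    """Split one constructed alert line into (timestamp, src, dst, signature)."""
    ts, src, dst, sig = line.split(maxsplit=3)
    return int(ts), src, dst, sig


class IPStatMonitor:
    """Sliding-window alert counts per source IP with a simple outlier test."""

    def __init__(self, window_seconds=60, k=2.0):
        self.window = window_seconds
        self.k = k                      # how many standard deviations count as suspicious
        self.events = defaultdict(deque)  # src_ip -> deque of (ts, dst, sig), oldest first
        self.now = 0

    def observe(self, ts, src, dst, sig):
        """Ingest one alert and drop anything that has fallen out of the window."""
        self.now = max(self.now, ts)
        self.events[src].append((ts, dst, sig))
        self._expire()

    def _expire(self):
        cutoff = self.now - self.window
        for ip in list(self.events):
            q = self.events[ip]
            while q and q[0][0] < cutoff:
                q.popleft()
            if not q:
                del self.events[ip]       # inactive IPs leave the statistics entirely

    def counts(self):
        """Alerts per active source IP inside the current window."""
        return {ip: len(q) for ip, q in self.events.items()}

    def suspicious(self):
        """IPs whose count exceeds mean + k * stddev of all active IPs.

        Returns a list of (ip, count, z_score) sorted by count, highest first.
        With fewer than two active IPs there is no population to compare against.
        """
        counts = self.counts()
        if len(counts) < 2:
            return []
        mean = statistics.fmean(counts.values())
        sd = statistics.pstdev(counts.values())
        threshold = mean + self.k * sd
        flagged = []
        for ip, c in counts.items():
            if c > threshold:
                z = (c - mean) / sd if sd else float("inf")
                flagged.append((ip, c, round(z, 2)))
        return sorted(flagged, key=lambda t: -t[1])

    def trace(self, ip):
        """Drill-down for one IP: distinct targets and signatures in the window."""
        q = self.events.get(ip, ())
        return {
            "targets": sorted({dst for _, dst, _ in q}),
            "signatures": sorted({sig for _, _, sig in q}),
        }


def run(lines, window_seconds=60, k=2.0):
    """Feed alert lines through a monitor and return it for inspection."""
    mon = IPStatMonitor(window_seconds, k)
    for line in lines:
        mon.observe(*parse_alert(line))
    return mon


if __name__ == "__main__":
    monitor = run(SAMPLE_ALERTS)
    for ip, count, z in monitor.suspicious():
        print(ip, count, z, monitor.trace(ip))
```

On the constructed sample the only flagged source is 10.0.0.99 (12 alerts against a population mean of about 2.2, z-score about 2.83); the drill-down shows it touched four targets with two distinct signatures, which is the kind of per-IP summary a real-time view would render. Once the window advances past those alerts the IP drops out of both the counts and the outlier test, so the statistics always describe the current window rather than accumulated history.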
Keywords
Cybersecurity; Visualization; Real-time Monitoring; Statistical Analysis; SOC
21 D.Inoue, M.Eto, K.Suzuki, M.Suzuki, and K.Nakao, "DAEDALUS-VIZ: novel real-time 3D visualization for darknet monitoring-based alert system," Proceedings of the ninth international symposium on visualization for cyber security, pp. 72-79, Oct. 2012.