Manual analysis of security-related events is still a necessity to investigate non-trivial cyber attacks. This task is particularly hard when the events involve slow, stealthy and large-scale activities typical of the modern cybercriminals' strategy. In this regard, visualization tools can effectively help analysts in their investigations. In this paper, we present BURN, an interactive visualization tool for displaying autonomous systems exhibiting rogue activity that helps at finding misbehaving networks through visual and interactive exploration. Up to seven values are displayed in a single visual element, while avoiding cumbersome and confusing maps. To this end, animations and alpha channels are leveraged to create simple views that highlight relevant activity patterns. In addition, BURN incorporates a simple algorithm to identify migrations of nefarious services across autonomous systems, which can support, for instance, root-cause analysis and law enforcement investigations.

BURN: Baring Unknown Rogue Networks

MAGGI, FEDERICO;CAVIGLIA, GIORGIO;ZANERO, STEFANO;CIUCCARELLI, PAOLO
2011

Abstract

Manual analysis of security-related events is still a necessity to investigate non-trivial cyber attacks. This task is particularly hard when the events involve slow, stealthy and large-scale activities typical of the modern cybercriminals' strategy. In this regard, visualization tools can effectively help analysts in their investigations. In this paper, we present BURN, an interactive visualization tool for displaying autonomous systems exhibiting rogue activity that helps at finding misbehaving networks through visual and interactive exploration. Up to seven values are displayed in a single visual element, while avoiding cumbersome and confusing maps. To this end, animations and alpha channels are leveraged to create simple views that highlight relevant activity patterns. In addition, BURN incorporates a simple algorithm to identify migrations of nefarious services across autonomous systems, which can support, for instance, root-cause analysis and law enforcement investigations.
Proceedings of the 8th International Symposium on Visualization for Cyber Security
9781450306799
File in questo prodotto:
File Dimensione Formato  
BURN_full ACM.pdf

Accesso riservato

: Post-Print (DRAFT o Author’s Accepted Manuscript-AAM)
Dimensione 477.14 kB
Formato Adobe PDF
477.14 kB Adobe PDF   Visualizza/Apri

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: http://hdl.handle.net/11311/590884
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 8
  • ???jsp.display-item.citation.isi??? ND
social impact