Topological analysis and visualisation of network monitoring data: Darknet case study

Authors: Marc Coudriau, Abdelkader Lahmadi, Jérôme François

DOI: 10.1109/WIFS.2016.7823920

Keywords:

Abstract: Network monitoring is a primordial source of data in cyber-security, since it may reveal abnormal behaviours of users or applications. Indeed, security analysts and tools such as an IDS (Intrusion Detection System) or a SIEM (Security Information and Event Management system) rely on it, either as a single source or combined with others. In this paper, we propose a visualisation method derived from the Mapper algorithm, which was developed in the field of Topological Data Analysis (TDA). The method and its associated tool are able to analyse a large number of IP packets in order to make patterns of malicious activity easily observable by analysts. We applied our method to darknet data, i.e. traffic reaching an entire subnetwork of the Internet that is supposed not to be used, and found malicious activities that were missed by Suricata, a widely used state-of-the-art IDS.
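To make the Mapper construction mentioned in the abstract concrete, the following is an added example written for this page, not the authors' tool. It builds a Mapper graph over a small constructed set of darknet-style packet records: the lens (filter) is the destination port, the cover is a set of overlapping port intervals, and points inside each interval are clustered with DBSCAN on the pair (source /24 prefix, destination port). Nodes are the clusters and two nodes are joined when they share a packet. The packet sample, the feature embedding and the parameter values (12 intervals, 25% overlap, eps 1.5, min_pts 3) are all assumptions chosen for illustration; the paper's own feature choices and parameters are not reproduced here.

```python
"""Mapper over constructed darknet-style packets (stdlib only).

Lens: destination port. Cover: overlapping port intervals. Clustering inside
each interval: DBSCAN on (source /24 prefix, destination port). Nodes are the
clusters; two nodes share an edge when they share a packet.
"""
import ipaddress
import math

# Constructed sample, NOT real darknet traffic: one host sweeps ports 1..60
# (a vertical scan) while unrelated hosts each hit 23/tcp or 445/tcp once.
SAMPLE_PACKETS = (
    [("203.0.113.7", port) for port in range(1, 61)]
    + [(f"198.51.100.{i}", 23) for i in range(1, 6)]
    + [(f"192.0.2.{i}", 445) for i in range(1, 6)]
)


def features(pkt):
    """Embed (src_ip, dst_port) in R^2 as (source /24 prefix number, port)."""
    src, port = pkt
    return (int(ipaddress.ip_address(src)) >> 8, port)


def dst_port_lens(pkt):
    """Lens (filter) function: the destination port."""
    return pkt[1]


def _dist(a, b):
    return math.hypot(a[0] - b[0], a[1] - b[1])


def dbscan(indices, feats, eps, min_pts):
    """DBSCAN restricted to `indices`; returns clusters as lists of indices.
    Noise points are kept as singleton clusters so that a lone probe stays
    visible in the graph instead of being silently dropped."""
    label, clusters = {}, []

    def neighbours(i):
        return [j for j in indices if _dist(feats[i], feats[j]) <= eps]

    for i in indices:
        if i in label:
            continue
        nb = neighbours(i)
        if len(nb) < min_pts:
            label[i] = -1           # noise for now; may become a border point
            continue
        cid = len(clusters)
        clusters.append([i])
        label[i] = cid
        seeds = list(nb)
        while seeds:
            j = seeds.pop()
            if label.get(j) == -1:  # border point reached from a core point
                label[j] = cid
                clusters[cid].append(j)
            if j in label:
                continue
            label[j] = cid
            clusters[cid].append(j)
            nb_j = neighbours(j)
            if len(nb_j) >= min_pts:  # j is itself a core point: keep expanding
                seeds.extend(nb_j)
    clusters.extend([i] for i in indices if label[i] == -1)
    return clusters


def cover(lo, hi, n_intervals, overlap):
    """Overlapping intervals spanning [lo, hi]; overlap is a fraction of the step."""
    step = (hi - lo) / n_intervals
    length = step * (1 + overlap)
    return [(lo + k * step, lo + k * step + length) for k in range(n_intervals)]


def mapper(packets, lens=dst_port_lens, n_intervals=12, overlap=0.25,
           eps=1.5, min_pts=3):
    """Return (nodes, edges): nodes are sorted lists of packet indices, edges
    are pairs of node indices whose clusters share at least one packet."""
    feats = [features(p) for p in packets]
    lens_vals = [lens(p) for p in packets]
    nodes = []
    for lo, hi in cover(min(lens_vals), max(lens_vals), n_intervals, overlap):
        in_interval = [i for i, v in enumerate(lens_vals) if lo <= v <= hi]
        nodes.extend(sorted(c) for c in dbscan(in_interval, feats, eps, min_pts))
    edges = [(a, b) for a in range(len(nodes)) for b in range(a + 1, len(nodes))
             if set(nodes[a]).intersection(nodes[b])]
    return nodes, edges


def describe(packets, node):
    """What an analyst reads off a node: size, distinct sources, port span."""
    sources = {packets[i][0] for i in node}
    ports = [packets[i][1] for i in node]
    return {"packets": len(node), "sources": len(sources),
            "ports": (min(ports), max(ports))}


if __name__ == "__main__":
    nodes, edges = mapper(SAMPLE_PACKETS)
    for n, node in enumerate(nodes):
        print(n, describe(SAMPLE_PACKETS, node))
    print("edges:", edges)
    # The port sweep appears as a chain of single-source nodes linked through
    # the interval overlap; the scattered 23/445 probes stay as disconnected
    # many-source nodes.
```

On this sample the sweep from 203.0.113.7 is split across two overlapping intervals and therefore shows up as two single-source nodes joined by an edge, while the one-off probes on 23/tcp and 445/tcp form isolated nodes with many distinct sources. That shape difference, rather than any per-packet signature, is what the graph makes visible; the trade-off to keep in mind is that the result depends on the lens, the interval count and overlap, and the DBSCAN radius, so a practitioner should sweep those parameters rather than trust a single rendering.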

References (19)
Panos Chatziadam, Ioannis G. Askoxylakis, Alexandros Fragkiadakis. A Network Telescope for Early Warning Intrusion Detection. International Conference on Human-Computer Interaction, pp. 11-22, 2014. DOI: 10.1007/978-3-319-07620-1_2
B. Irwin, J.-P. van Riel. Using InetVis to Evaluate Snort and Bro Scan Detection on a Network Telescope. Visualization for Computer Security, pp. 255-273, 2008. DOI: 10.1007/978-3-540-78243-8_17
Gurjeet Singh, Facundo Mémoli, Gunnar E. Carlsson. Topological Methods for the Analysis of High Dimensional Data Sets and 3D Object Recognition. Eurographics Symposium on Point-Based Graphics, pp. 91-100, 2007. DOI: 10.2312/SPBG/SPBG07/091-100
Martin Ester, Hans-Peter Kriegel, Jörg Sander, Xiaowei Xu. A Density-Based Algorithm for Discovering Clusters in Large Spatial Databases with Noise. Knowledge Discovery and Data Mining (KDD), pp. 226-231, 1996.
Monowar H. Bhuyan, D. K. Bhattacharyya, J. K. Kalita. Network Anomaly Detection: Methods, Systems and Tools. IEEE Communications Surveys and Tutorials, vol. 16, pp. 303-336, 2014. DOI: 10.1109/SURV.2013.052213.00046
Troy Nunnally, Penyen Chi, Kulsoom Abdullah, A. Selcuk Uluagac, John A. Copeland, Raheem Beyah. P3D: A Parallel 3D Coordinate Visualization for Advanced Network Scans. 2013 IEEE International Conference on Communications (ICC), pp. 2052-2057, 2013. DOI: 10.1109/ICC.2013.6654828
Daisuke Inoue, Masashi Eto, Koei Suzuki, Mio Suzuki, Koji Nakao. DAEDALUS-VIZ. Proceedings of the Ninth International Symposium on Visualization for Cyber Security (VizSec '12), pp. 72-79, 2012. DOI: 10.1145/2379690.2379700
Claude Fachkha, Elias Bou-Harb, Mourad Debbabi. Inferring Distributed Reflection Denial of Service Attacks from Darknet. Computer Communications, vol. 62, pp. 59-71, 2015. DOI: 10.1016/J.COMCOM.2015.01.016
Gunnar Carlsson. Topology and Data. Bulletin of the American Mathematical Society, vol. 46, pp. 255-308, 2009. DOI: 10.1090/S0273-0979-09-01249-X
Eric Wustrow, Manish Karir, Michael Bailey, Farnam Jahanian, Geoff Huston. Internet Background Radiation Revisited. Internet Measurement Conference (IMC), pp. 62-74, 2010. DOI: 10.1145/1879141.1879149