2016 IEEE Symposium on Visualization for Cyber Security (VizSec) (2016)
Baltimore, MD, USA
Oct. 24, 2016 to Oct. 24, 2016
Ngoc Anh Huynh, Nanyang Technological University, Singapore
Wee Keong Ng, Nanyang Technological University, Singapore
Alex Ulmer, Fraunhofer IGD, Germany
Jorn Kohlhammer, Fraunhofer IGD, Germany
This paper addresses the problem of detecting the presence of malware that leave periodic traces in network traffic. This characteristic behavior of malware was found to be surprisingly prevalent in a parallel study. To this end, we propose a visual analytics solution that supports both automatic detection and manual inspection of periodic signals hidden in network traffic. The detected periodic signals are visually verified in an overview using a circular graph and two stacked histograms as well as in detail using deep packet inspection. Our approach offers the capability to detect complex periodic patterns, but avoids the unverifiability issue often encountered in related work. The periodicity assumption imposed on malware behavior is a relatively weak assumption, but initial evaluations with a simulated scenario as well as a publicly available network capture demonstrate its applicability.
Malware, IP networks, Intrusion detection, Visualization, Detectors, Time series analysis, Fourier transforms
N. Anh Huynh, W. Keong Ng, A. Ulmer and J. Kohlhammer, "Uncovering periodic network signals of cyber attacks," 2016 IEEE Symposium on Visualization for Cyber Security (VizSec), Baltimore, MD, USA, 2016, pp. 1-8.