Article

Scalable visualization of propagating internet phenomena

Authors:

Alfonso Valdes,

Martin FongAuthors Info & Claims

VizSEC/DMSEC '04: Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security

Pages 124 - 127

https://doi.org/10.1145/1029208.1029228

Published: 29 October 2004 Publication History

Get Access

Abstract

The Internet has recently been impacted by a number of large distributed attacks that achieve exponential growth through self-propagation. Some of these attacks have exploited vulnerabilities for which advisories had been issued and for which patches and detection signatures were available. It is increasingly apparent, however, that such prevention and detection mechanisms are inadequate, and that the attacker's time to exploit is shrinking relative to the defender's ability to learn of a new attack and patch systems or update intrusion detection signatures. We introduce visual, scalable techniques to detect phenomena such as distributed denial-of-service attacks and worms. It is hoped that these new approaches will enable detection of such events at an early stage and enable local response actions even before the publication of advisories about a new vulnerability and the availability of patches.

References

[1]

Burnett, M. "MRTG for Intrusion Detection With IIS6", http://www.securityfocus.com/1721, August 2003.

Google Scholar

[2]

CE01 CERT, "Code Red II: Another Worm Exploiting Buffer Overflow In IIS Indexing Service DLL", Incident Note IN-2001-09, Aug. 6, 2001. http://www.cert.org/incident_notes/IN-2001-09.html

Google Scholar

[3]

DShield Distributed Intrusion Detection System, http://www.dshield.org.

Google Scholar

[4]

May, J., Peterson, J., and Bauman, J. "Attack Detection in Large Networks", Proceedings of the Second DARPA Information Security Conference and Exposition (DISCEX II), Anaheim, CA, June 2001.

Crossref

Google Scholar

[5]

Moore, D., Paxson, V., Savage, S., Shannon, Colleen, Staniford, S., and Weaver, N. "The Spread of the Sapphire/Slammer Worm", http://www.cs.berkeley.edu/~nweaver/sapphire, 2003.

Google Scholar

[6]

Microsoft Knowledge Base Article - 826234, "Virus Alert About the Nachi Worm", http://support.microsoft.com/default.aspx?kbid=826234, August 2003.

Google Scholar

[7]

Staniford, S, Grim, G., Jonkman, R. "Flash Worms: Thirty Seconds to Infect the Internet", http://www.silicondefense.com/flash/

Google Scholar

[8]

Staniford, S., Paxson, V., and Weaver, N. "How to Own the Internet in Your Spare Time", Proceedings of the 11th USENIX Security Symposium, 2002.

Digital Library

Google Scholar

[9]

Valdes, A. and Fong, M. "Scalable, Signature-Free Characterizations of Propagating Internet Phenomena", Fast abstract presented at Dependable Systems and Networks (DSN04), Florence, Italy, July 2004.

Google Scholar

[10]

Yegneswaran, V., Barford, P., and Ullrich, J. "Internet Intrusions: Global Characteristics and Prevalence", SIGMETRICS03, ACM, 2003.

Digital Library

Google Scholar

Cited By

View all

Rojas DMartin MKapralos B(2016)Evaluating a sound-enhanced intrusion detection system to identify network congestion2016 24th Mediterranean Conference on Control and Automation (MED)10.1109/MED.2016.7535875(1325-1330)Online publication date: Jun-2016
https://doi.org/10.1109/MED.2016.7535875
Guimaraes VFreitas CSadre RTarouco LGranville L(2016)A Survey on Information Visualization for Network and Service ManagementIEEE Communications Surveys & Tutorials10.1109/COMST.2015.245053818:1(285-323)Online publication date: Sep-2017
https://doi.org/10.1109/COMST.2015.2450538
Yuen JTurnbull BHernandez J(2015)Visual analytics for cyber red teaming2015 IEEE Symposium on Visualization for Cyber Security (VizSec)10.1109/VIZSEC.2015.7312765(1-8)Online publication date: 25-Oct-2015
https://doi.org/10.1109/VIZSEC.2015.7312765
Show More Cited By

Index Terms

Scalable visualization of propagating internet phenomena
1. Networks
  1. Network services
    1. Network monitoring

Recommendations

Origins: an approach to trace fast spreading worms to their roots

An automatic distributed mechanism is proposed to identify the propagation roots of fast spreading internet worms. The information obtained can be used to identify local worm outbreaks, identify network intrusion, identify internal network misuse, and help ...
Enhancing SWORD to Detect Zero-Day-Worm-Infected Hosts

Once a host is infected by an Internet worm, prompt action must be taken before that host does more harm to its local network and the rest of the Internet. It is therefore critical to quickly detect that a worm has infected a host. In this paper, we ...
Collaborative Internet Worm Containment

Large-scale worm outbreaks that lead to distributed denial-of-service (DDoS) attacks pose a major threat to the Internet infrastructureýs security. Fast containment is crucial for minimizing damage and preventing flooding attacks against network hosts. ...

Comments

Information & Contributors

Information

Published In

VizSEC/DMSEC '04: Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security

October 2004

156 pages

ISBN:1581139748

DOI:10.1145/1029208

General Chairs:
Carla Brodley
Tufts University
,
Philip Chan
Florida Institute of Technology
,
Richard Lippman
MIT Lincoln Lab
,
Bill Yurcik
NCSA

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 29 October 2004

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Conference

CCS04

Sponsor:

CCS04: 11th ACM Conference on Computer and Communications Security 2004

October 29, 2004

Washington DC, USA

Upcoming Conference

CCS '24

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 14 - 18, 2024

Salt Lake City , UT , USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

9
Total Citations
View Citations
530
Total Downloads

Downloads (Last 12 months)5
Downloads (Last 6 weeks)0

Reflects downloads up to 03 Oct 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Rojas DMartin MKapralos B(2016)Evaluating a sound-enhanced intrusion detection system to identify network congestion2016 24th Mediterranean Conference on Control and Automation (MED)10.1109/MED.2016.7535875(1325-1330)Online publication date: Jun-2016
https://doi.org/10.1109/MED.2016.7535875
Guimaraes VFreitas CSadre RTarouco LGranville L(2016)A Survey on Information Visualization for Network and Service ManagementIEEE Communications Surveys & Tutorials10.1109/COMST.2015.245053818:1(285-323)Online publication date: Sep-2017
https://doi.org/10.1109/COMST.2015.2450538
Yuen JTurnbull BHernandez J(2015)Visual analytics for cyber red teaming2015 IEEE Symposium on Visualization for Cyber Security (VizSec)10.1109/VIZSEC.2015.7312765(1-8)Online publication date: 25-Oct-2015
https://doi.org/10.1109/VIZSEC.2015.7312765
Qi LMartin MKapralos BGreen MGarcía-Ruiz M(2007)Toward sound-assisted intrusion detection systemsProceedings of the 2007 OTM confederated international conference on On the move to meaningful internet systems: CoopIS, DOA, ODBASE, GADA, and IS - Volume Part II10.5555/1784707.1784756(1634-1645)Online publication date: 25-Nov-2007
https://dl.acm.org/doi/10.5555/1784707.1784756
Dunlop MGates CWong CWang C(2007)SWorD– A Simple Worm Detection Scheme On the Move to Meaningful Internet Systems 2007: CoopIS, DOA, ODBASE, GADA, and IS10.1007/978-3-540-76843-2_44(1752-1769)Online publication date: 25-Nov-2007
https://dl.acm.org/doi/10.1007/978-3-540-76843-2_44
Qi LVargas Martin MKapralos BGreen MGarcía-Ruiz M(2007)Toward Sound-Assisted Intrusion Detection SystemsOn the Move to Meaningful Internet Systems 2007: CoopIS, DOA, ODBASE, GADA, and IS10.1007/978-3-540-76843-2_36(1634-1645)Online publication date: 2007
https://doi.org/10.1007/978-3-540-76843-2_36
Mathew SGiomundo RUpadhyaya SSudit MStotz AYurcik BAxelsson SLakkaraju KTeoh S(2006)Understanding multistage attacks by attack-track based visualization of heterogeneous event streamsProceedings of the 3rd international workshop on Visualization for computer security10.1145/1179576.1179578(1-6)Online publication date: 3-Nov-2006
https://dl.acm.org/doi/10.1145/1179576.1179578
van Oorschot PRobert JMartin M(2006)A monitoring system for detecting repeated packets with applications to computer wormsInternational Journal of Information Security10.1007/s10207-006-0081-85:3(186-199)Online publication date: 1-Jul-2006
https://dl.acm.org/doi/10.1007/s10207-006-0081-8
Noh SLee CRyu KChoi KJung G(2004)Detecting Worm Propagation Using Traffic Concentration Analysis and Inductive LearningIntelligent Data Engineering and Automated Learning – IDEAL 200410.1007/978-3-540-28651-6_59(402-408)Online publication date: 2004
https://doi.org/10.1007/978-3-540-28651-6_59

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Origins: an approach to trace fast spreading worms to their roots

Enhancing SWORD to Detect Zero-Day-Worm-Infected Hosts

Collaborative Internet Worm Containment