DOI: 10.1145/2379690.2379699
research-article

Visual spam campaigns analysis using abstract graphs representation

Published: 15 October 2012

Abstract

In this work we present a visual analytics tool introducing a new kind of graph visualization that exploits the nodes' degree to provide a simplified and more abstract, yet accurate, representation of the most important elements of a security data set and their inter-relationships. Our visualization technique is designed to address two shortcomings of existing graph visualization techniques: scalability of visualization and comprehensibility of results. The main goal of our visual analytics tool is to provide security analysts with an effective way to reason interactively about various attack phenomena orchestrated by cyber criminals. We demonstrate the use of our tool on a large corpus of spam emails by visualizing spam campaigns performed by spam botnets. In particular, we focus on the analysis of spam sent in March 2011 to understand the impact of the Rustock takedown on the botnet ecosystem. As spam botnets continue to play a significant role in the worldwide spam problem, we show with this application how security visualization based on abstract graphs can help us gain insights into the strategic behavior of spam botnets, and a better understanding of large-scale spammers' operations.




Published In

VizSec '12: Proceedings of the Ninth International Symposium on Visualization for Cyber Security
October 2012
101 pages
ISBN: 9781450314138
DOI: 10.1145/2379690

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. attack campaigns
  2. information visualization
  3. network security
  4. security intelligence

Qualifiers

  • Research-article

Conference

VizSec '12

Acceptance Rates

Overall Acceptance Rate 39 of 111 submissions, 35%
