DOI: 10.1145/3274895.3274921

A spatio-temporal entropy-based approach for the analysis of cyber attacks (demo paper)

Published: 06 November 2018

Abstract

Computer networks are ubiquitous systems growing exponentially, with a predicted 50 billion devices connected by 2050. This dramatically increases the potential attack surface of Internet networks. A key issue in cyber defense is to detect, categorize and identify these attacks, the way they are propagated and their potential impacts on the systems affected. The research presented in this paper models cyber attacks at large by considering the Internet as a complex system in which attacks are propagated over a network. We model an attack as a path from a source to a target, where each attack is categorized according to its intention. We set up an experimental testbed, based on the concept of a honeypot, that evaluates the spatio-temporal distribution of these Internet attacks. The preliminary results show a series of patterns in space and time that illustrate the potential of the approach, and how cyber attacks can be categorized according to the concept and measure of entropy.


Cited By

  • (2020) The Spatial Analysis of the Malicious Uniform Resource Locators (URLs): 2016 Dataset Case Study. Information 12:1 (2). DOI: 10.3390/info12010002. Online publication date: 22-Dec-2020
  • (2019) From Cyber-Security Deception to Manipulation and Gratification Through Gamification. HCI for Cybersecurity, Privacy and Trust (99-114). DOI: 10.1007/978-3-030-22351-9_7. Online publication date: 12-Jun-2019

Published In

SIGSPATIAL '18: Proceedings of the 26th ACM SIGSPATIAL International Conference on Advances in Geographic Information Systems
November 2018
655 pages
ISBN: 9781450358897
DOI: 10.1145/3274895

Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Publisher

Association for Computing Machinery, New York, NY, United States

Author Tags

1. cyber attacks
2. entropy
3. spatial analysis

Qualifiers

• Demonstration

Conference

SIGSPATIAL '18

Acceptance Rates

SIGSPATIAL '18 Paper Acceptance Rate 30 of 150 submissions, 20%;
Overall Acceptance Rate 220 of 1,116 submissions, 20%
