
An Efficient Network Attack Visualization Using Security Quad and Cube

  • Submitted: 2010.09.29
  • Reviewed: 2011.02.24
  • Published: 2011.10.31

Abstract

Security quad and cube (SQC) is a network attack analyzer that aggregates many different events into a single significant incident and visualizes these events so that suspicious or illegitimate behavior can be identified. A network administrator recognizes network anomalies by analyzing the traffic data and alert messages generated by security devices; however, inspecting and analyzing them takes a great deal of time because the security devices generate an overwhelming volume of logs and security events. In this paper, we propose SQC, an efficient method for analyzing network security through visualization. The proposed method monitors anomalies occurring across an entire network and displays detailed information about the attacks. In addition, by providing a detailed analysis of network attacks, the method can detect them more precisely and distinguish them from normal events.

Cited by

  1. Network Attack Visualization Using the Port Roles of Traffic Sessions, vol. 11, pp. 4, 2011, https://doi.org/10.17662/ksdim.2015.11.4.047