Title :
Visualizing cyber attacks using IP matrix
Author :
Koike, Hideki ; Ohno, Kazuhiro ; Koizumi, Kanba
Abstract :
An Internet cyber threat monitoring system detects cyber threats using network sensors deployed at particular points on the Internet, statistically analyzes the time of attack, source of attack, and type of attack, and then visualizes the result of this analysis. Existing systems, however, simply visualize country-by-country statistics of attacks or hourly changes of attacks. Using these systems, it is difficult to understand the source of attack, the diffusion of the attack, or the relation between the target and the source of the attack. This paper described a method for visualizing cyber threats by using 2-dimensional matrix representation of IP addresses. The advantages of this method are that: (1) the logical distance of IP addresses is represented intuitively; (2) Internet address space is visualized economically; (3) macroscopic information (Internet level) and microscopic information (local level) are visualized simultaneously. By using this visualization framework, propagation of the Welchia worm and the Sasser.D worm are visualized.
Keywords :
Internet; data visualisation; invasive software; 2-dimensional matrix representation; IP address matrix representation; Internet cyber threat monitoring system; Internet forecasting; Internet worm; Sasser.D worm; Welchia worm; computer virus; cyber attack visualization; information security; information visualization; intrusion detection; network sensors; virus visualization; worm visualization; Computer interfaces; Computer networks; Computer worms; Data visualization; Economic forecasting; IP networks; Information systems; Intrusion detection; Monitoring; Web and internet services;
Conference_Titel :
Visualization for Computer Security, 2005. (VizSEC 05). IEEE Workshop on
Print_ISBN :
0-7803-9477-1
DOI :
10.1109/VIZSEC.2005.1532070
