Title :
A visual analytics approach to detecting server redirections and data exfiltration
Author :
Weijie Wang ; Baijian Yang ; Chen, Victor Yingjie
Author_Institution :
Dept. of Comput. & Inf. Technol., Purdue Univ., West Lafayette, IN, USA
Abstract :
How to better find potential cyberattacks is a challenging question for security researchers and practitioners. In recent years, visualization has been applied in the field of analyzing cybersecurity issues, but most work has not been able to provide better than non-visualization based techniques. In this paper, we innovatively designed a visual analytics system to allow analysts to overview network traffic and identify such suspicious activities as server redirection attacks and data exfiltration. Because of the nature of the problem, the overview design must be scalable, accurate, and fast. Through aggregating traffic data along the two dimensions of duration and payload, the system reveals key network traffic characteristics for the analyst to identify security events. The system is evaluated with the test data sets from VAST 2013 mini-challenge 3. The results are very encouraging and shed a more positive light on applying visual analytics in information security.
Keywords :
data analysis; data visualisation; security of data; cyberattacks; data exfiltration detection; information security; security events identification; server redirection detection; traffic data aggregation; visual analytics approach; visual analytics system; visualization; Data preprocessing; Decision support systems; Visualization; Web servers; anomaly; data exfiltration; netflow; server redirection; visual analytics;
Conference_Title :
Intelligence and Security Informatics (ISI), 2015 IEEE International Conference on
Conference_Location :
Baltimore, MD
Print_ISBN :
978-1-4799-9888-3
DOI :
10.1109/ISI.2015.7165932