Routing in the Internet is vulnerable to attacks due to the insecure design of the Border Gateway Protocol (BGP). One possible exploitation of this insecure design is the hijacking of IP blocks. Such hijacked IP blocks can then be used to conduct malicious activities from seemingly legitimate IP addresses. In this study we actively trace and monitor the routes to spam sources over several consecutive days after having received a spam message from such a source. However, the real challenge is to distinguish between legitimate routing changes and those that are related to systematic misuse in so-called spam campaigns. To combine the strengths of human judgement and computational efficiency, we thus present a novel visual analytics tool named Vistracer in this paper. This tool represents the analysis results of our anomaly detection algorithms on large traceroute data sets with the help of several scalable representations that support the analyst in exploring, identifying and analyzing suspicious events and their relations to malicious activities. In particular, pixel-based visualization techniques, novel glyph-based summary representations and a combination of temporal glyphs in a graph representation are used to give an overview of route changes to specific destinations over time. To evaluate our tool, real-world case studies demonstrate the usage of Vistracer in practice on large-scale data sets.