In an effort to make robust traffic classification more accessible to human operators, we present visualization techniques for network traffic. Our techniques are based solely on network information that remains intact after application-layer encryption, and so offer a way to visualize traffic "in the dark". Our visualizations clearly illustrate the differences between common application protocols, both in their transient (i.e., time-dependent) and steady-state behavior. We show how these visualizations can be used to assist a human operator to recognize application protocols in unidentified traffic and to verify the results of an automated classifier via visual inspection. In particular, our preliminary results show that we can visually scan almost 45,000 connections in less than one hour and correctly identify known application behaviors. Moreover, using visualizations together with an automated comparison technique based on Dynamic Time Warping of the motifs, we can rapidly develop accurate recognizers for new or previously unknown applications.