Publikation:

VisTracer : a visual analytics tool to investigate routing anomalies in traceroutes

Vorschaubild

Dateien

Zu diesem Dokument gibt es keine Dateien.

Datum

2012

Autor:innen

Vervier, Pierre-Antoine
Thonnard, Olivier

Herausgeber:innen

Kontakt

ISSN der Zeitschrift

Electronic ISSN

ISBN

Bibliografische Daten

Verlag

Schriftenreihe

Auflagebezeichnung

URI (zitierfähiger Link)
http://nbn-resolving.de/urn:nbn:de:bsz:352-222825
DOI (zitierfähiger Link)
https://doi.org/10.1145/2379690.2379701
ArXiv-ID

Internationale Patentnummer

Angaben zur Forschungsförderung

Projekt

Open Access-Veröffentlichung

Sammlungen

Informatik und Informationswissenschaft: Publikationen
Core Facility der Universität Konstanz

Gesperrt bis

Titel in einer weiteren Sprache

Publikationstyp
Beitrag zu einem Konferenzband
Publikationsstatus
Published

Erschienen in

Proceedings of the Ninth International Symposium on Visualization for Cyber Security - VizSec '12. New York, New York, USA: ACM Press, 2012, pp. 80-87. ISBN 978-1-4503-1413-8. Available under: doi: 10.1145/2379690.2379701

Zusammenfassung

Routing in the Internet is vulnerable to attacks due to the insecure design of the border gateway protocol (BGP). One possible exploitation of this insecure design is the hijacking of IP blocks. Such hijacked IP blocks can then be used to conduct malicious activities from seemingly legitimate IP addresses. In this study we actively trace and monitor the routes to spam sources over several consecutive days after having received a spam message from such a source. However, the real challenge is to distinguish between legitimate routing changes and those ones that are related to systematic misuse in so-called spam campaigns. To combine the strengths of human judgement and computational efficiency, we thus present a novel visual analytics tool named Vistracer in this paper. This tool represents analysis results of our anomaly detection algorithms on large traceroute data sets with the help of several scalable representations to support the analyst to explore, identify and analyze suspicious events and their relations to malicious activities. In particular, pixel-based visualization techniques, novel glyph-based summary representations and a combination of temporal glyphs in a graph representation are used to give an overview of route changes to specific destinations over time. To evaluate our tool, real-world case studies demonstrate the usage of Vistracer in practice on large-scale data sets.

Zusammenfassung in einer weiteren Sprache

Fachgebiet (DDC)
004 Informatik

Schlagwörter

Konferenz

the Ninth International Symposium, 15. Okt. 2012 - 15. Okt. 2012, Seattle, Washington
Rezension
undefined / . - undefined, undefined

Forschungsvorhaben

Organisationseinheiten

Zeitschriftenheft

Zugehörige Datensätze in KOPS

Zitieren

ISO 690FISCHER, Fabian, Johannes FUCHS, Pierre-Antoine VERVIER, Florian MANSMANN, Olivier THONNARD, 2012. VisTracer : a visual analytics tool to investigate routing anomalies in traceroutes. the Ninth International Symposium. Seattle, Washington, 15. Okt. 2012 - 15. Okt. 2012. In: Proceedings of the Ninth International Symposium on Visualization for Cyber Security - VizSec '12. New York, New York, USA: ACM Press, 2012, pp. 80-87. ISBN 978-1-4503-1413-8. Available under: doi: 10.1145/2379690.2379701
BibTex
@inproceedings{Fischer2012VisTr-22282,
  year={2012},
  doi={10.1145/2379690.2379701},
  title={VisTracer : a visual analytics tool to investigate routing anomalies in traceroutes},
  isbn={978-1-4503-1413-8},
  publisher={ACM Press},
  address={New York, New York, USA},
  booktitle={Proceedings of the Ninth International Symposium on Visualization for Cyber Security - VizSec '12},
  pages={80--87},
  author={Fischer, Fabian and Fuchs, Johannes and Vervier, Pierre-Antoine and Mansmann, Florian and Thonnard, Olivier}
}
RDF
<rdf:RDF
    xmlns:dcterms="http://purl.org/dc/terms/"
    xmlns:dc="http://purl.org/dc/elements/1.1/"
    xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
    xmlns:bibo="http://purl.org/ontology/bibo/"
    xmlns:dspace="http://digital-repositories.org/ontologies/dspace/0.1.0#"
    xmlns:foaf="http://xmlns.com/foaf/0.1/"
    xmlns:void="http://rdfs.org/ns/void#"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema#" > 
  <rdf:Description rdf:about="https://kops.uni-konstanz.de/server/rdf/resource/123456789/22282">
    <dcterms:issued>2012</dcterms:issued>
    <dc:language>eng</dc:language>
    <dcterms:rights rdf:resource="https://rightsstatements.org/page/InC/1.0/"/>
    <dspace:isPartOfCollection rdf:resource="https://kops.uni-konstanz.de/server/rdf/resource/123456789/36"/>
    <dc:contributor>Fischer, Fabian</dc:contributor>
    <dc:contributor>Mansmann, Florian</dc:contributor>
    <foaf:homepage rdf:resource="http://localhost:8080/"/>
    <bibo:uri rdf:resource="http://kops.uni-konstanz.de/handle/123456789/22282"/>
    <dc:creator>Mansmann, Florian</dc:creator>
    <dcterms:abstract xml:lang="deu">Routing in the Internet is vulnerable to attacks due to the insecure design of the border gateway protocol (BGP). One possible exploitation of this insecure design is the hijacking of IP blocks. Such hijacked IP blocks can then be used to conduct malicious activities from seemingly legitimate IP addresses. In this study we actively trace and monitor the routes to spam sources over several consecutive days after having received a spam message from such a source. However, the real challenge is to distinguish between legitimate routing changes and those ones that are related to systematic misuse in so-called spam campaigns. To combine the strengths of human judgement and computational efficiency, we thus present a novel visual analytics tool named Vistracer in this paper. This tool represents analysis results of our anomaly detection algorithms on large traceroute data sets with the help of several scalable representations to support the analyst to explore, identify and analyze suspicious events and their relations to malicious activities. In particular, pixel-based visualization techniques, novel glyph-based summary representations and a combination of temporal glyphs in a graph representation are used to give an overview of route changes to specific destinations over time. To evaluate our tool, real-world case studies demonstrate the usage of Vistracer in practice on large-scale data sets.</dcterms:abstract>
    <dcterms:isPartOf rdf:resource="https://kops.uni-konstanz.de/server/rdf/resource/123456789/36"/>
    <dcterms:available rdf:datatype="http://www.w3.org/2001/XMLSchema#dateTime">2013-03-01T14:29:46Z</dcterms:available>
    <dc:contributor>Vervier, Pierre-Antoine</dc:contributor>
    <dcterms:bibliographicCitation>Proceedings of the Ninth International Symposium on Visualization for Cyber Security. - New York, NY : ACM, 2012. - S. 80-87. - ISBN 978-1-4503-1413-8</dcterms:bibliographicCitation>
    <dc:creator>Thonnard, Olivier</dc:creator>
    <dc:contributor>Thonnard, Olivier</dc:contributor>
    <dc:contributor>Fuchs, Johannes</dc:contributor>
    <dc:creator>Fischer, Fabian</dc:creator>
    <dc:rights>terms-of-use</dc:rights>
    <dc:creator>Vervier, Pierre-Antoine</dc:creator>
    <void:sparqlEndpoint rdf:resource="http://localhost/fuseki/dspace/sparql"/>
    <dc:date rdf:datatype="http://www.w3.org/2001/XMLSchema#dateTime">2013-03-01T14:29:46Z</dc:date>
    <dcterms:title>VisTracer : a visual analytics tool to investigate routing anomalies in traceroutes</dcterms:title>
    <dc:creator>Fuchs, Johannes</dc:creator>
  </rdf:Description>
</rdf:RDF>

Interner Vermerk

xmlui.Submission.submit.DescribeStep.inputForms.label.kops_note_fromSubmitter

Kontakt
URL der Originalveröffentl.

Prüfdatum der URL

Prüfungsdatum der Dissertation

Finanzierungsart

Kommentar zur Publikation

Allianzlizenz
Corresponding Authors der Uni Konstanz vorhanden
Internationale Co-Autor:innen
Universitätsbibliographie
Ja
Begutachtet
Diese Publikation teilen