VisTracer : a visual analytics tool to investigate routing anomalies in traceroutes
| dc.contributor.author | Fischer, Fabian | |
| dc.contributor.author | Fuchs, Johannes | |
| dc.contributor.author | Vervier, Pierre-Antoine | deu |
| dc.contributor.author | Mansmann, Florian | |
| dc.contributor.author | Thonnard, Olivier | deu |
| dc.date.accessioned | 2013-03-01T14:29:46Z | deu |
| dc.date.available | 2013-03-01T14:29:46Z | deu |
| dc.date.issued | 2012 | |
| dc.description.abstract | Routing in the Internet is vulnerable to attacks due to the insecure design of the border gateway protocol (BGP). One possible exploitation of this insecure design is the hijacking of IP blocks. Such hijacked IP blocks can then be used to conduct malicious activities from seemingly legitimate IP addresses. In this study we actively trace and monitor the routes to spam sources over several consecutive days after having received a spam message from such a source. However, the real challenge is to distinguish between legitimate routing changes and those ones that are related to systematic misuse in so-called spam campaigns. To combine the strengths of human judgement and computational efficiency, we thus present a novel visual analytics tool named Vistracer in this paper. This tool represents analysis results of our anomaly detection algorithms on large traceroute data sets with the help of several scalable representations to support the analyst to explore, identify and analyze suspicious events and their relations to malicious activities. In particular, pixel-based visualization techniques, novel glyph-based summary representations and a combination of temporal glyphs in a graph representation are used to give an overview of route changes to specific destinations over time. To evaluate our tool, real-world case studies demonstrate the usage of Vistracer in practice on large-scale data sets. | deu |
| dc.description.version | published | |
| dc.identifier.citation | Proceedings of the Ninth International Symposium on Visualization for Cyber Security. - New York, NY : ACM, 2012. - S. 80-87. - ISBN 978-1-4503-1413-8 | deu |
| dc.identifier.doi | 10.1145/2379690.2379701 | deu |
| dc.identifier.uri | http://kops.uni-konstanz.de/handle/123456789/22282 | |
| dc.language.iso | eng | deu |
| dc.legacy.dateIssued | 2013-03-01 | deu |
| dc.rights | terms-of-use | deu |
| dc.rights.uri | https://rightsstatements.org/page/InC/1.0/ | deu |
| dc.subject.ddc | 004 | deu |
| dc.title | VisTracer : a visual analytics tool to investigate routing anomalies in traceroutes | eng |
| dc.type | INPROCEEDINGS | deu |
| dspace.entity.type | Publication | |
| kops.citation.bibtex | @inproceedings{Fischer2012VisTr-22282,
year={2012},
doi={10.1145/2379690.2379701},
title={VisTracer : a visual analytics tool to investigate routing anomalies in traceroutes},
isbn={978-1-4503-1413-8},
publisher={ACM Press},
address={New York, New York, USA},
booktitle={Proceedings of the Ninth International Symposium on Visualization for Cyber Security - VizSec '12},
pages={80--87},
author={Fischer, Fabian and Fuchs, Johannes and Vervier, Pierre-Antoine and Mansmann, Florian and Thonnard, Olivier}
} | |
| kops.citation.iso690 | FISCHER, Fabian, Johannes FUCHS, Pierre-Antoine VERVIER, Florian MANSMANN, Olivier THONNARD, 2012. VisTracer : a visual analytics tool to investigate routing anomalies in traceroutes. the Ninth International Symposium. Seattle, Washington, 15. Okt. 2012 - 15. Okt. 2012. In: Proceedings of the Ninth International Symposium on Visualization for Cyber Security - VizSec '12. New York, New York, USA: ACM Press, 2012, pp. 80-87. ISBN 978-1-4503-1413-8. Available under: doi: 10.1145/2379690.2379701 | deu |
| kops.citation.iso690 | FISCHER, Fabian, Johannes FUCHS, Pierre-Antoine VERVIER, Florian MANSMANN, Olivier THONNARD, 2012. VisTracer : a visual analytics tool to investigate routing anomalies in traceroutes. the Ninth International Symposium. Seattle, Washington, Oct 15, 2012 - Oct 15, 2012. In: Proceedings of the Ninth International Symposium on Visualization for Cyber Security - VizSec '12. New York, New York, USA: ACM Press, 2012, pp. 80-87. ISBN 978-1-4503-1413-8. Available under: doi: 10.1145/2379690.2379701 | eng |
| kops.citation.rdf | <rdf:RDF
xmlns:dcterms="http://purl.org/dc/terms/"
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:bibo="http://purl.org/ontology/bibo/"
xmlns:dspace="http://digital-repositories.org/ontologies/dspace/0.1.0#"
xmlns:foaf="http://xmlns.com/foaf/0.1/"
xmlns:void="http://rdfs.org/ns/void#"
xmlns:xsd="http://www.w3.org/2001/XMLSchema#" >
<rdf:Description rdf:about="https://kops.uni-konstanz.de/server/rdf/resource/123456789/22282">
<dcterms:issued>2012</dcterms:issued>
<dc:language>eng</dc:language>
<dcterms:rights rdf:resource="https://rightsstatements.org/page/InC/1.0/"/>
<dspace:isPartOfCollection rdf:resource="https://kops.uni-konstanz.de/server/rdf/resource/123456789/36"/>
<dc:contributor>Fischer, Fabian</dc:contributor>
<dc:contributor>Mansmann, Florian</dc:contributor>
<foaf:homepage rdf:resource="http://localhost:8080/"/>
<bibo:uri rdf:resource="http://kops.uni-konstanz.de/handle/123456789/22282"/>
<dc:creator>Mansmann, Florian</dc:creator>
<dcterms:abstract xml:lang="deu">Routing in the Internet is vulnerable to attacks due to the insecure design of the border gateway protocol (BGP). One possible exploitation of this insecure design is the hijacking of IP blocks. Such hijacked IP blocks can then be used to conduct malicious activities from seemingly legitimate IP addresses. In this study we actively trace and monitor the routes to spam sources over several consecutive days after having received a spam message from such a source. However, the real challenge is to distinguish between legitimate routing changes and those ones that are related to systematic misuse in so-called spam campaigns. To combine the strengths of human judgement and computational efficiency, we thus present a novel visual analytics tool named Vistracer in this paper. This tool represents analysis results of our anomaly detection algorithms on large traceroute data sets with the help of several scalable representations to support the analyst to explore, identify and analyze suspicious events and their relations to malicious activities. In particular, pixel-based visualization techniques, novel glyph-based summary representations and a combination of temporal glyphs in a graph representation are used to give an overview of route changes to specific destinations over time. To evaluate our tool, real-world case studies demonstrate the usage of Vistracer in practice on large-scale data sets.</dcterms:abstract>
<dcterms:isPartOf rdf:resource="https://kops.uni-konstanz.de/server/rdf/resource/123456789/36"/>
<dcterms:available rdf:datatype="http://www.w3.org/2001/XMLSchema#dateTime">2013-03-01T14:29:46Z</dcterms:available>
<dc:contributor>Vervier, Pierre-Antoine</dc:contributor>
<dcterms:bibliographicCitation>Proceedings of the Ninth International Symposium on Visualization for Cyber Security. - New York, NY : ACM, 2012. - S. 80-87. - ISBN 978-1-4503-1413-8</dcterms:bibliographicCitation>
<dc:creator>Thonnard, Olivier</dc:creator>
<dc:contributor>Thonnard, Olivier</dc:contributor>
<dc:contributor>Fuchs, Johannes</dc:contributor>
<dc:creator>Fischer, Fabian</dc:creator>
<dc:rights>terms-of-use</dc:rights>
<dc:creator>Vervier, Pierre-Antoine</dc:creator>
<void:sparqlEndpoint rdf:resource="http://localhost/fuseki/dspace/sparql"/>
<dc:date rdf:datatype="http://www.w3.org/2001/XMLSchema#dateTime">2013-03-01T14:29:46Z</dc:date>
<dcterms:title>VisTracer : a visual analytics tool to investigate routing anomalies in traceroutes</dcterms:title>
<dc:creator>Fuchs, Johannes</dc:creator>
</rdf:Description>
</rdf:RDF> | |
| kops.conferencefield | the Ninth International Symposium, 15. Okt. 2012 - 15. Okt. 2012, Seattle, Washington | deu |
| kops.date.conferenceEnd | 2012-10-15 | |
| kops.date.conferenceStart | 2012-10-15 | |
| kops.flag.knbibliography | true | |
| kops.identifier.nbn | urn:nbn:de:bsz:352-222825 | deu |
| kops.location.conference | Seattle, Washington | |
| kops.sourcefield | <i>Proceedings of the Ninth International Symposium on Visualization for Cyber Security - VizSec '12</i>. New York, New York, USA: ACM Press, 2012, pp. 80-87. ISBN 978-1-4503-1413-8. Available under: doi: 10.1145/2379690.2379701 | deu |
| kops.sourcefield.plain | Proceedings of the Ninth International Symposium on Visualization for Cyber Security - VizSec '12. New York, New York, USA: ACM Press, 2012, pp. 80-87. ISBN 978-1-4503-1413-8. Available under: doi: 10.1145/2379690.2379701 | deu |
| kops.sourcefield.plain | Proceedings of the Ninth International Symposium on Visualization for Cyber Security - VizSec '12. New York, New York, USA: ACM Press, 2012, pp. 80-87. ISBN 978-1-4503-1413-8. Available under: doi: 10.1145/2379690.2379701 | eng |
| kops.submitter.email | oleg.kozlov@uni-konstanz.de | deu |
| kops.title.conference | the Ninth International Symposium | |
| relation.isAuthorOfPublication | 7a775974-2508-4a1c-b786-d48032df7443 | |
| relation.isAuthorOfPublication | 6dc854f5-8120-4da2-9c7a-c42f860f77fc | |
| relation.isAuthorOfPublication | 90244953-4003-4a15-ae6e-0b9d164ea2a3 | |
| relation.isAuthorOfPublication.latestForDiscovery | 7a775974-2508-4a1c-b786-d48032df7443 | |
| source.bibliographicInfo.fromPage | 80 | |
| source.bibliographicInfo.toPage | 87 | |
| source.identifier.isbn | 978-1-4503-1413-8 | |
| source.publisher | ACM Press | |
| source.publisher.location | New York, New York, USA | |
| source.title | Proceedings of the Ninth International Symposium on Visualization for Cyber Security - VizSec '12 |
Dateien
Lizenzbündel
1 - 1 von 1
Vorschaubild nicht verfügbar
- Name:
- license.txt
- Größe:
- 1.92 KB
- Format:
- Plain Text
- Beschreibung:
