Analysis of Network Attacks and Security Events using Modern Data Visualization Techniques

Bibliographic details
Main author: Pereira, Paulo Macedo
Advisor: Inácio, Pedro Ricardo Morais
Publication date: 2015
Document type: Dissertation (master's thesis)
Language: eng
Source: Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
Repository: uBibliorum
Keywords: Computer Network Attacks; Circos; Traffic Classes; Network Traffic Monitoring; Graphical Representation of Data; Modern Data Visualization Techniques
Scientific domain: Engineering and Technology::Electrical, Electronic and Computer Engineering
Access rights: openAccess
Identifier: TID:201640228
Full text: http://hdl.handle.net/10400.6/6009
Abstract: Data visualization techniques are crucial resources in many research and professional areas. Effective representations often contribute to understanding the overall picture behind a large volume of data, sometimes leading to novel discoveries or to an efficient synthesis. Because of the large amount of data that computers handle nowadays, many modern data visualization techniques were designed to deal with such large data sets and exhibit unique characteristics. In the information era, computers (and their operators) and networks are also amongst the biggest sources of raw data, though they are also used in its processing and storage. Many network monitoring systems and security appliances make use of traditional data visualization techniques in reporting functionalities or to provide practitioners with status information. The scope of this work falls within the intersection of the fields of network security and data visualization techniques. Its objectives are to study modern approaches to representing data, which may currently be in use in other areas, and to apply one of those approaches to the visualization of network traffic and attacks. Assessing the usefulness of the visualizations was also an objective, along with the constitution of a large data set of representations for several traffic classes and classical network attacks. A technique known as Circos, widely used for genomic representations, was the one applied to achieve the objectives of this master's programme. Many representations for at least 18 different traffic traces were produced throughout this work, many of which are analyzed in detail in this dissertation. These traces, containing traffic generated by contemporary applications and classical network attacks or probing activities, were selected from two datasets. In order to produce the Circos, a minimal set of traffic characteristics was identified, and several scripts for automating the processing were implemented.
Towards the final part of this work, an experiment based on the (human) comparison between nine labeled and nine unlabeled Circos was set up to demonstrate that the obtained representations were useful up to the point of being used to identify traffic classes or attacks. During the experiment, it was possible to correctly identify eight out of the nine traces (one of the attacks was incorrectly classified as HTTP traffic), proving the usefulness of this technique in this field.