Vis sense cluster meeting

Published in: Education, Technology

  1. Visual Analytic Representation of Large Datasets for Enhancing Network Security. James Davey, Fraunhofer Institute for Computer Graphics Research IGD, Fraunhoferstraße 5, 64283 Darmstadt. Phone +49 6151 155-655 | Fax -139. james.davey@igd.fraunhofer.de, www.igd.fraunhofer.de/igd-a3, www.vis-sense.eu, No. 257495
  2. VIS-SENSE Organisation. Topic: Technology and Tools for Trustworthy ICT (2009.1.4). Grant Agreement: STREP – 257495. Time Frame: 01.10.2010 until 30.09.2013. Budget: 3,32 million euro / 2.35 million euro EU contribution. 6 partners from 4 countries: Fraunhofer IGD (Germany) – Coordinator; CERTH / ITI (Greece); Institut EURECOM (France); Institut Telecom (France); Symantec Ltd. (Ireland); University of Konstanz (Germany)
  3. Root-Cause Analysis. Use Case: Root-Cause Analysis. Overview over the Internet threat landscape. Zooming Out
  4. Overview – Zooming Out
  5. Overview – Zooming Out
  6. Overview – Zooming Out
  7. Overview – Zooming Out. Features in an interactive map: Position, Area, Street hierarchy, Etc. Our Features: I.P. addresses, Server names, Email addresses, Keyword sets, Distributions, Timestamps, Etc.
  8. Overview – Zooming Out. Features in an interactive map: Grouping is easy and unambiguous. Our Features: Grouping is difficult, Grouping is ambiguous. We need some definition of distance or similarity: Similarity Models
  9. The TRIAGE(1) approach. Clustering based on Multi-Criteria Decision Analysis (MCDA). Automatic grouping of elements likely to share the same root causes. Diagram labels: Events; Features Selection; Per feature Graph-based representation; Σ Multi-criteria Aggregation (data fusion); Multi-Dimensional Clusters (MDC’s). 1) Triage (med.): process of prioritizing patients based on the severity of their condition
  10. Definitions: Features, Entities
  11. Similarity – Models for Similarity
  12. Per Feature Similarity Example – Real Numbers
  13. Grouping with respect to different features
  14. Aggregate Similarity Example
  15. An example of Rogue AV campaign: 750 domains registered over a span of 8 months. Features: Domain name, /24 network of web server, Registrant email, Registration date
  16. Domain name patterns; use of whois privacy protection services
  17. Spam Botnets: Inter-relationships. Labels: Unclassified, Rustock, Mega-D, Cutwail, Grum; Spam event, Subject keywords, Bot name
  18. Thanks for Your Attention. James Davey, Fraunhofer IGD, Fraunhoferstraße 5, 64283 Darmstadt. Tel +49 6151 155 – 655 | Fax – 139. james.davey@igd.fraunhofer.de, www.igd.fraunhofer.de/igd-a3
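
The steps named on slides 9 to 16 (per-feature similarity, multi-criteria aggregation, graph-based clustering), applied to the four Rogue AV features of slide 15, as an added sketch that is not part of the original slides or the project's code. The sample records, the trigram and date similarity functions, the ordered weighted average (OWA) aggregator with its weights, and the 0.5 threshold are all assumptions chosen for illustration; the slides do not specify them.

```python
from datetime import date
from itertools import combinations

# Constructed sample: (domain name, /24 of web server, registrant email, registration date).
DOMAINS = [
    ("pcscan-antivirus01.example", "198.51.100", "reg1@mail.example", date(2009, 3, 1)),
    ("pcscan-antivirus02.example", "198.51.100", "privacy@whois.example", date(2009, 3, 3)),
    ("pcscan-antivirus03.example", "203.0.113", "reg1@mail.example", date(2009, 3, 5)),
    ("flowershop.example", "192.0.2", "privacy@whois.example", date(2009, 6, 10)),
]

def trigrams(s):
    return {s[i:i + 3] for i in range(len(s) - 2)}

def sim_name(a, b):
    """Jaccard similarity of character trigrams (captures domain name patterns)."""
    ta, tb = trigrams(a), trigrams(b)
    return len(ta & tb) / len(ta | tb) if ta | tb else 0.0

def sim_date(a, b, scale_days=30):
    """1.0 for the same day, falling linearly to 0.0 at scale_days apart."""
    return max(0.0, 1.0 - abs((a - b).days) / scale_days)

def per_feature(x, y):
    return [sim_name(x[0], y[0]), float(x[1] == y[1]),
            float(x[2] == y[2]), sim_date(x[3], y[3])]

# Assumed OWA weights, applied to the scores sorted high to low. Little weight on
# the best score means one matching feature alone cannot link two domains.
OWA_WEIGHTS = [0.1, 0.4, 0.4, 0.1]

def aggregate(x, y):
    scores = sorted(per_feature(x, y), reverse=True)
    return sum(w * s for w, s in zip(OWA_WEIGHTS, scores))

def clusters(records, threshold=0.5):
    """Connected components of the graph whose edges have aggregate >= threshold."""
    parent = {r[0]: r[0] for r in records}
    def find(n):
        while parent[n] != n:
            n = parent[n]
        return n
    for x, y in combinations(records, 2):
        if aggregate(x, y) >= threshold:
            parent[find(x[0])] = find(y[0])
    groups = {}
    for name in parent:
        groups.setdefault(find(name), []).append(name)
    return sorted(sorted(g) for g in groups.values())
```

On the sample data, `clusters(DOMAINS)` puts the three `pcscan-antivirus` domains in one cluster even though 02 and 03 are linked only through 01, while the shared whois-privacy address alone does not pull `flowershop.example` in.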
