SlideShare a Scribd company logo

Towards Designing Effective Visualizations for DNS-based Network Threat Analysis

Rosa Romero Gómez, PhD
Rosa Romero Gómez, PhD

Slides from my talk at the IEEE Symposium on Visualization for Cyber Security, 2017 in Phoenix (Arizona), United States

Data & Analytics
1 of 20
Download to read offline
Towards Designing Effective Visualizations for DNS-based Network Threat Analysis Rosa Romero-Gómez, Yacin Nadji, and Manos Antonakakis {rgomez30,yacin,manos}@gatech.edu
What is Network Threat Analysis? 2
Analyst Alerts Threat Intelligence The Domain Name System (DNS) is an essential protocol used by both legitimate Internet applications and cyber attacks [Building a Dynamic Reputation System for DNS, Antonakakis et al. 2010] 3
Challenges 4
Threat Intelligence Acquisition “Security analysts are still collecting threat intelligence via email, spreadsheets, and cutting/pasting information from web-based sources. Obviously, these manual processes don’t scale” [Enterprise Strategy Group (ESG) Research Report: Threat Intelligence and Its Role Within Enterprise Cybersecurity Practices, June 2015] 5
Analytics “Threat intelligence may offer clues but human beings are left to do the heavy lifting by investigating and analyzing the data on their own” [ESG Research Report: Threat Intelligence and Its Role Within Enterprise Cybersecurity Practices, June 2015] 6
Our Approach: Open Source THreat Analysis COnsole (THACO) Open Datasets Visualization Techniques 7
8 Classless Inter-Domain Routing (CIDR) Notation 192.0.0.0/8 192.1.0.0/16 192.2.0.0/16 192.168.16.0/24 192.3.0.0/16 192.2.3.0/24 192.2.3.1/32 192.2.3.12/32 /8 /16 /24 /32
Access to THACO live demo: https://ipviz.gtisc.gatech.edu/ 9
User-centered Visualization Design Domain Problem / Data Characterization Design Prototype Evaluation 10
Domain Problem & Data Characterization • Procedure: informal interviews with two domain experts in network threat analysis during two months • Output: two main high-level categories of tasks and data requirements: Top-down network threat analysis or Threat Hunting Bottom-up network threat analysis or Incident Response 11
Domain Problem & Data Characterization • Effective threat intelligence involves the combination of multiple data sources: • Active DNS datasets (https://www.activednsproject.org/) • Public Domain Blacklists such as abuse.ch • Malware Traces (https://www.virustotal.com) • Domain WHOIS records (https://www.threatminer.org/) 12
Design • Design Goals 1. Multiple views 2. Different levels of detail 3. Scalability Multi-grouping, zoomable treemap 13
Evaluation • Participants: • Network threat analysts are hard to find • Seven in-situ and thirty-one online network threat analysts from both academia and industry • Years of experience ranging < 1 year to > 10 years • Procedure: • In-situ evaluation: tasks scenarios and semi-structured interviews • Online evaluation: web-based survey (SUS, System Usability Scale) 14
Evaluation • Main Results: • Threat analysis experience of participants affects neither task completion rates nor task completion times using THACO • Experience analysts satisfaction garnered THACO an “A” grade in usability • Limitations: • THACO could be improved for tasks involving keeping track of different pieces of information over time 15
Want data? Active DNS datasets: https:// www.activednsproject.org/ 16
Want a demo? THACO live demo: https:// ipviz.gtisc.gatech.edu/ 17
Want code? Source code on GitHub: https:// github.com/Astrolavos/THACO 18
Questions? 19
Towards Designing Effective Visualizations for DNS-based Network Threat Analysis Rosa Romero-Gómez, Yacin Nadji, and Manos Antonakakis {rgomez30,yacin,manos}@gatech.edu

Recommended

Data Visualization for Big Data: Experience from the Front Line
Data Visualization for Big Data: Experience from the Front LineData Visualization for Big Data: Experience from the Front Line
Data Visualization for Big Data: Experience from the Front LineRosa Romero Gómez, PhD
 
balloon: LOD forecasting - cloudy with a chance of services
balloon: LOD forecasting - cloudy with a chance of servicesballoon: LOD forecasting - cloudy with a chance of services
balloon: LOD forecasting - cloudy with a chance of servicesKai Schlegel
 
Diffusion in platform-based markets: big data driven agent-based model
Diffusion in platform-based markets: big data driven agent-based modelDiffusion in platform-based markets: big data driven agent-based model
Diffusion in platform-based markets: big data driven agent-based modelJari Jussila
 
From Data to Visualization, what happens in between?
From Data to Visualization, what happens in between?From Data to Visualization, what happens in between?
From Data to Visualization, what happens in between?Krist Wongsuphasawat
 
Cloud - Security - Big Data
Cloud - Security - Big DataCloud - Security - Big Data
Cloud - Security - Big DataRaffael Marty
 
Big Data Visualization
Big Data VisualizationBig Data Visualization
Big Data Visualizationbigdataviz_bay
 
An Approach for RDF-based Semantic Access to NoSQL Repositories
An Approach for RDF-based Semantic Access to NoSQL RepositoriesAn Approach for RDF-based Semantic Access to NoSQL Repositories
An Approach for RDF-based Semantic Access to NoSQL RepositoriesLuiz Henrique Zambom Santana
 
How To Drive Value with Security Data
How To Drive Value with Security DataHow To Drive Value with Security Data
How To Drive Value with Security DataRaffael Marty
 

Recommended

Data Visualization for Big Data: Experience from the Front Line
Data Visualization for Big Data: Experience from the Front LineData Visualization for Big Data: Experience from the Front Line
Data Visualization for Big Data: Experience from the Front LineRosa Romero Gómez, PhD
 
balloon: LOD forecasting - cloudy with a chance of services
balloon: LOD forecasting - cloudy with a chance of servicesballoon: LOD forecasting - cloudy with a chance of services
balloon: LOD forecasting - cloudy with a chance of servicesKai Schlegel
 
Diffusion in platform-based markets: big data driven agent-based model
Diffusion in platform-based markets: big data driven agent-based modelDiffusion in platform-based markets: big data driven agent-based model
Diffusion in platform-based markets: big data driven agent-based modelJari Jussila
 
From Data to Visualization, what happens in between?
From Data to Visualization, what happens in between?From Data to Visualization, what happens in between?
From Data to Visualization, what happens in between?Krist Wongsuphasawat
 
Cloud - Security - Big Data
Cloud - Security - Big DataCloud - Security - Big Data
Cloud - Security - Big DataRaffael Marty
 
Big Data Visualization
Big Data VisualizationBig Data Visualization
Big Data Visualizationbigdataviz_bay
 
An Approach for RDF-based Semantic Access to NoSQL Repositories
An Approach for RDF-based Semantic Access to NoSQL RepositoriesAn Approach for RDF-based Semantic Access to NoSQL Repositories
An Approach for RDF-based Semantic Access to NoSQL RepositoriesLuiz Henrique Zambom Santana
 
How To Drive Value with Security Data
How To Drive Value with Security DataHow To Drive Value with Security Data
How To Drive Value with Security DataRaffael Marty
 
A Picture is Worth 1,000 Rows
A Picture is Worth 1,000 RowsA Picture is Worth 1,000 Rows
A Picture is Worth 1,000 RowsNeo4j
 
Deep Learning in Security - Examples, Infrastructure, Challenges, and Suggest...
Deep Learning in Security - Examples, Infrastructure, Challenges, and Suggest...Deep Learning in Security - Examples, Infrastructure, Challenges, and Suggest...
Deep Learning in Security - Examples, Infrastructure, Challenges, and Suggest...DataWorks Summit
 
Democratizing Data within your organization - Data Discovery
Democratizing Data within your organization - Data DiscoveryDemocratizing Data within your organization - Data Discovery
Democratizing Data within your organization - Data DiscoveryMark Grover
 
DataTags: Sharing Privacy Sensitive Data by Michael Bar-sinai
DataTags: Sharing Privacy Sensitive Data by Michael Bar-sinaiDataTags: Sharing Privacy Sensitive Data by Michael Bar-sinai
DataTags: Sharing Privacy Sensitive Data by Michael Bar-sinaidatascienceiqss
 
Reproducible Research and the Cloud
Reproducible Research and the CloudReproducible Research and the Cloud
Reproducible Research and the CloudMicrosoft Azure for Research
 
Doing Research in the Cloud - NIH Workshop Dennis Gannon
Doing Research in the Cloud - NIH Workshop Dennis GannonDoing Research in the Cloud - NIH Workshop Dennis Gannon
Doing Research in the Cloud - NIH Workshop Dennis GannonMicrosoft Azure for Research
 
(Web User Interfaces track) "Getting the Query Right: User Interface Design o...
(Web User Interfaces track) "Getting the Query Right: User Interface Design o...(Web User Interfaces track) "Getting the Query Right: User Interface Design o...
(Web User Interfaces track) "Getting the Query Right: User Interface Design o...icwe2015
 
Data Analytics in Real World (May 2016)
Data Analytics in Real World (May 2016)Data Analytics in Real World (May 2016)
Data Analytics in Real World (May 2016)geetachauhan
 
vion_a2000_5 facts_d2
vion_a2000_5 facts_d2vion_a2000_5 facts_d2
vion_a2000_5 facts_d2Roman Chanclor
 
Gianluigi Vigano, Senior Architect and Fouad Teban, Regional Presales Manager...
Gianluigi Vigano, Senior Architect and Fouad Teban, Regional Presales Manager...Gianluigi Vigano, Senior Architect and Fouad Teban, Regional Presales Manager...
Gianluigi Vigano, Senior Architect and Fouad Teban, Regional Presales Manager...Dataconomy Media
 
[Webinar] Introduction to Cypher
[Webinar] Introduction to Cypher[Webinar] Introduction to Cypher
[Webinar] Introduction to CypherNeo4j
 
Collaborative Data Analysis with Taverna Workflows
Collaborative Data Analysis with Taverna WorkflowsCollaborative Data Analysis with Taverna Workflows
Collaborative Data Analysis with Taverna WorkflowsAndrea Wiggins
 
Accelerating your Research with Microsoft Azure (June 2015)
Accelerating your Research with Microsoft Azure (June 2015)Accelerating your Research with Microsoft Azure (June 2015)
Accelerating your Research with Microsoft Azure (June 2015)Microsoft Azure for Research
 
Semantic Text Processing Powered by Wikipedia
Semantic Text Processing Powered by WikipediaSemantic Text Processing Powered by Wikipedia
Semantic Text Processing Powered by WikipediaMaxim Grinev
 
Big Data Repository for Structural Biology: Challenges and Opportunities by P...
Big Data Repository for Structural Biology: Challenges and Opportunities by P...Big Data Repository for Structural Biology: Challenges and Opportunities by P...
Big Data Repository for Structural Biology: Challenges and Opportunities by P...datascienceiqss
 
Tutorial Data Management and workflows
Tutorial Data Management and workflowsTutorial Data Management and workflows
Tutorial Data Management and workflowsSSSW
 
Secondary data analysis with digital trace data
Secondary data analysis with digital trace dataSecondary data analysis with digital trace data
Secondary data analysis with digital trace dataAndrea Wiggins
 
Databases, Web Services and Tools For Systems Immunology
Databases, Web Services and Tools For Systems ImmunologyDatabases, Web Services and Tools For Systems Immunology
Databases, Web Services and Tools For Systems ImmunologyYannick Pouliot
 
[3DIR] BIM Search Engine: Exploiting Interrelations between Objects when Ass...
[3DIR] BIM Search Engine: Exploiting Interrelations between Objects when Ass...[3DIR] BIM Search Engine: Exploiting Interrelations between Objects when Ass...
[3DIR] BIM Search Engine: Exploiting Interrelations between Objects when Ass...pdemian
 
Threat Hunting with Elastic at SpectorOps: Welcome to HELK
Threat Hunting with Elastic at SpectorOps: Welcome to HELKThreat Hunting with Elastic at SpectorOps: Welcome to HELK
Threat Hunting with Elastic at SpectorOps: Welcome to HELKElasticsearch
 
Software Analytics: Towards Software Mining that Matters (2014)
Software Analytics: Towards Software Mining that Matters (2014)Software Analytics: Towards Software Mining that Matters (2014)
Software Analytics: Towards Software Mining that Matters (2014)Tao Xie
 
Application Portfolio Risk Ranking: Banishing FUD With Structure and Numbers
Application Portfolio Risk Ranking: Banishing FUD With Structure and NumbersApplication Portfolio Risk Ranking: Banishing FUD With Structure and Numbers
Application Portfolio Risk Ranking: Banishing FUD With Structure and NumbersDenim Group
 

More Related Content

What's hot

A Picture is Worth 1,000 Rows
A Picture is Worth 1,000 RowsA Picture is Worth 1,000 Rows
A Picture is Worth 1,000 RowsNeo4j
 
Deep Learning in Security - Examples, Infrastructure, Challenges, and Suggest...
Deep Learning in Security - Examples, Infrastructure, Challenges, and Suggest...Deep Learning in Security - Examples, Infrastructure, Challenges, and Suggest...
Deep Learning in Security - Examples, Infrastructure, Challenges, and Suggest...DataWorks Summit
 
Democratizing Data within your organization - Data Discovery
Democratizing Data within your organization - Data DiscoveryDemocratizing Data within your organization - Data Discovery
Democratizing Data within your organization - Data DiscoveryMark Grover
 
DataTags: Sharing Privacy Sensitive Data by Michael Bar-sinai
DataTags: Sharing Privacy Sensitive Data by Michael Bar-sinaiDataTags: Sharing Privacy Sensitive Data by Michael Bar-sinai
DataTags: Sharing Privacy Sensitive Data by Michael Bar-sinaidatascienceiqss
 
Doing Research in the Cloud - NIH Workshop Dennis Gannon
Doing Research in the Cloud - NIH Workshop Dennis GannonDoing Research in the Cloud - NIH Workshop Dennis Gannon
Doing Research in the Cloud - NIH Workshop Dennis GannonMicrosoft Azure for Research
 
(Web User Interfaces track) "Getting the Query Right: User Interface Design o...
(Web User Interfaces track) "Getting the Query Right: User Interface Design o...(Web User Interfaces track) "Getting the Query Right: User Interface Design o...
(Web User Interfaces track) "Getting the Query Right: User Interface Design o...icwe2015
 
Data Analytics in Real World (May 2016)
Data Analytics in Real World (May 2016)Data Analytics in Real World (May 2016)
Data Analytics in Real World (May 2016)geetachauhan
 
Gianluigi Vigano, Senior Architect and Fouad Teban, Regional Presales Manager...
Gianluigi Vigano, Senior Architect and Fouad Teban, Regional Presales Manager...Gianluigi Vigano, Senior Architect and Fouad Teban, Regional Presales Manager...
Gianluigi Vigano, Senior Architect and Fouad Teban, Regional Presales Manager...Dataconomy Media
 
[Webinar] Introduction to Cypher
[Webinar] Introduction to Cypher[Webinar] Introduction to Cypher
[Webinar] Introduction to CypherNeo4j
 
Collaborative Data Analysis with Taverna Workflows
Collaborative Data Analysis with Taverna WorkflowsCollaborative Data Analysis with Taverna Workflows
Collaborative Data Analysis with Taverna WorkflowsAndrea Wiggins
 
Accelerating your Research with Microsoft Azure (June 2015)
Accelerating your Research with Microsoft Azure (June 2015)Accelerating your Research with Microsoft Azure (June 2015)
Accelerating your Research with Microsoft Azure (June 2015)Microsoft Azure for Research
 
Semantic Text Processing Powered by Wikipedia
Semantic Text Processing Powered by WikipediaSemantic Text Processing Powered by Wikipedia
Semantic Text Processing Powered by WikipediaMaxim Grinev
 
Big Data Repository for Structural Biology: Challenges and Opportunities by P...
Big Data Repository for Structural Biology: Challenges and Opportunities by P...Big Data Repository for Structural Biology: Challenges and Opportunities by P...
Big Data Repository for Structural Biology: Challenges and Opportunities by P...datascienceiqss
 
Tutorial Data Management and workflows
Tutorial Data Management and workflowsTutorial Data Management and workflows
Tutorial Data Management and workflowsSSSW
 
Secondary data analysis with digital trace data
Secondary data analysis with digital trace dataSecondary data analysis with digital trace data
Secondary data analysis with digital trace dataAndrea Wiggins
 
Databases, Web Services and Tools For Systems Immunology
Databases, Web Services and Tools For Systems ImmunologyDatabases, Web Services and Tools For Systems Immunology
Databases, Web Services and Tools For Systems ImmunologyYannick Pouliot
 
[3DIR] BIM Search Engine: Exploiting Interrelations between Objects when Ass...
[3DIR] BIM Search Engine: Exploiting Interrelations between Objects when Ass...[3DIR] BIM Search Engine: Exploiting Interrelations between Objects when Ass...
[3DIR] BIM Search Engine: Exploiting Interrelations between Objects when Ass...pdemian
 
Threat Hunting with Elastic at SpectorOps: Welcome to HELK
Threat Hunting with Elastic at SpectorOps: Welcome to HELKThreat Hunting with Elastic at SpectorOps: Welcome to HELK
Threat Hunting with Elastic at SpectorOps: Welcome to HELKElasticsearch
 

What's hot (20)

A Picture is Worth 1,000 Rows
A Picture is Worth 1,000 RowsA Picture is Worth 1,000 Rows
A Picture is Worth 1,000 Rows
 
Deep Learning in Security - Examples, Infrastructure, Challenges, and Suggest...
Deep Learning in Security - Examples, Infrastructure, Challenges, and Suggest...Deep Learning in Security - Examples, Infrastructure, Challenges, and Suggest...
Deep Learning in Security - Examples, Infrastructure, Challenges, and Suggest...
 
Democratizing Data within your organization - Data Discovery
Democratizing Data within your organization - Data DiscoveryDemocratizing Data within your organization - Data Discovery
Democratizing Data within your organization - Data Discovery
 
DataTags: Sharing Privacy Sensitive Data by Michael Bar-sinai
DataTags: Sharing Privacy Sensitive Data by Michael Bar-sinaiDataTags: Sharing Privacy Sensitive Data by Michael Bar-sinai
DataTags: Sharing Privacy Sensitive Data by Michael Bar-sinai
 
Reproducible Research and the Cloud
Reproducible Research and the CloudReproducible Research and the Cloud
Reproducible Research and the Cloud
 
Doing Research in the Cloud - NIH Workshop Dennis Gannon
Doing Research in the Cloud - NIH Workshop Dennis GannonDoing Research in the Cloud - NIH Workshop Dennis Gannon
Doing Research in the Cloud - NIH Workshop Dennis Gannon
 
(Web User Interfaces track) "Getting the Query Right: User Interface Design o...
(Web User Interfaces track) "Getting the Query Right: User Interface Design o...(Web User Interfaces track) "Getting the Query Right: User Interface Design o...
(Web User Interfaces track) "Getting the Query Right: User Interface Design o...
 
Data Analytics in Real World (May 2016)
Data Analytics in Real World (May 2016)Data Analytics in Real World (May 2016)
Data Analytics in Real World (May 2016)
 
vion_a2000_5 facts_d2
vion_a2000_5 facts_d2vion_a2000_5 facts_d2
vion_a2000_5 facts_d2
 
Gianluigi Vigano, Senior Architect and Fouad Teban, Regional Presales Manager...
Gianluigi Vigano, Senior Architect and Fouad Teban, Regional Presales Manager...Gianluigi Vigano, Senior Architect and Fouad Teban, Regional Presales Manager...
Gianluigi Vigano, Senior Architect and Fouad Teban, Regional Presales Manager...
 
[Webinar] Introduction to Cypher
[Webinar] Introduction to Cypher[Webinar] Introduction to Cypher
[Webinar] Introduction to Cypher
 
Collaborative Data Analysis with Taverna Workflows
Collaborative Data Analysis with Taverna WorkflowsCollaborative Data Analysis with Taverna Workflows
Collaborative Data Analysis with Taverna Workflows
 
Accelerating your Research with Microsoft Azure (June 2015)
Accelerating your Research with Microsoft Azure (June 2015)Accelerating your Research with Microsoft Azure (June 2015)
Accelerating your Research with Microsoft Azure (June 2015)
 
Semantic Text Processing Powered by Wikipedia
Semantic Text Processing Powered by WikipediaSemantic Text Processing Powered by Wikipedia
Semantic Text Processing Powered by Wikipedia
 
Big Data Repository for Structural Biology: Challenges and Opportunities by P...
Big Data Repository for Structural Biology: Challenges and Opportunities by P...Big Data Repository for Structural Biology: Challenges and Opportunities by P...
Big Data Repository for Structural Biology: Challenges and Opportunities by P...
 
Tutorial Data Management and workflows
Tutorial Data Management and workflowsTutorial Data Management and workflows
Tutorial Data Management and workflows
 
Secondary data analysis with digital trace data
Secondary data analysis with digital trace dataSecondary data analysis with digital trace data
Secondary data analysis with digital trace data
 
Databases, Web Services and Tools For Systems Immunology
Databases, Web Services and Tools For Systems ImmunologyDatabases, Web Services and Tools For Systems Immunology
Databases, Web Services and Tools For Systems Immunology
 
[3DIR] BIM Search Engine: Exploiting Interrelations between Objects when Ass...
[3DIR] BIM Search Engine: Exploiting Interrelations between Objects when Ass...[3DIR] BIM Search Engine: Exploiting Interrelations between Objects when Ass...
[3DIR] BIM Search Engine: Exploiting Interrelations between Objects when Ass...
 
Threat Hunting with Elastic at SpectorOps: Welcome to HELK
Threat Hunting with Elastic at SpectorOps: Welcome to HELKThreat Hunting with Elastic at SpectorOps: Welcome to HELK
Threat Hunting with Elastic at SpectorOps: Welcome to HELK
 

Similar to Towards Designing Effective Visualizations for DNS-based Network Threat Analysis

Software Analytics: Towards Software Mining that Matters (2014)
Software Analytics: Towards Software Mining that Matters (2014)Software Analytics: Towards Software Mining that Matters (2014)
Software Analytics: Towards Software Mining that Matters (2014)Tao Xie
 
Application Portfolio Risk Ranking: Banishing FUD With Structure and Numbers
Application Portfolio Risk Ranking: Banishing FUD With Structure and NumbersApplication Portfolio Risk Ranking: Banishing FUD With Structure and Numbers
Application Portfolio Risk Ranking: Banishing FUD With Structure and NumbersDenim Group
 
[Warsaw 26.06.2018] SDL Threat Modeling principles
[Warsaw 26.06.2018] SDL Threat Modeling principles[Warsaw 26.06.2018] SDL Threat Modeling principles
[Warsaw 26.06.2018] SDL Threat Modeling principlesOWASP
 
Threat modelling(system + enterprise)
Threat modelling(system + enterprise)Threat modelling(system + enterprise)
Threat modelling(system + enterprise)abhimanyubhogwan
 
Security Training: #3 Threat Modelling - Practices and Tools
Security Training: #3 Threat Modelling - Practices and ToolsSecurity Training: #3 Threat Modelling - Practices and Tools
Security Training: #3 Threat Modelling - Practices and ToolsYulian Slobodyan
 
Comparative Analysis of Intrusion Detection Systems and Machine Learning-Base...
Comparative Analysis of Intrusion Detection Systems and Machine Learning-Base...Comparative Analysis of Intrusion Detection Systems and Machine Learning-Base...
Comparative Analysis of Intrusion Detection Systems and Machine Learning-Base...Shakas Technologies
 
How To Turbo-Charge Incident Response With Threat Intelligence
How To Turbo-Charge Incident Response With Threat IntelligenceHow To Turbo-Charge Incident Response With Threat Intelligence
How To Turbo-Charge Incident Response With Threat IntelligenceResilient Systems
 
Software Security in the Real World
Software Security in the Real WorldSoftware Security in the Real World
Software Security in the Real WorldMark Curphey
 
Running Head 2Week #8 MidTerm Assignment .docx
Running Head 2Week #8 MidTerm Assignment .docxRunning Head 2Week #8 MidTerm Assignment .docx
Running Head 2Week #8 MidTerm Assignment .docxhealdkathaleen
 
Application Threat Modeling In Risk Management
Application Threat Modeling In Risk ManagementApplication Threat Modeling In Risk Management
Application Threat Modeling In Risk ManagementMel Drews
 
ACM Chicago March 2019 meeting: Software Engineering and AI - Prof. Tao Xie, ...
ACM Chicago March 2019 meeting: Software Engineering and AI - Prof. Tao Xie, ...ACM Chicago March 2019 meeting: Software Engineering and AI - Prof. Tao Xie, ...
ACM Chicago March 2019 meeting: Software Engineering and AI - Prof. Tao Xie, ...ACM Chicago
 
Intelligent Software Engineering: Synergy between AI and Software Engineering
Intelligent Software Engineering: Synergy between AI and Software EngineeringIntelligent Software Engineering: Synergy between AI and Software Engineering
Intelligent Software Engineering: Synergy between AI and Software EngineeringTao Xie
 
Software Analytics: Data Analytics for Software Engineering and Security
Software Analytics: Data Analytics for Software Engineering and SecuritySoftware Analytics: Data Analytics for Software Engineering and Security
Software Analytics: Data Analytics for Software Engineering and SecurityTao Xie
 
Dataviz For Cyber Security
Dataviz For Cyber SecurityDataviz For Cyber Security
Dataviz For Cyber SecurityAwalin Sopan
 
2016 09-19 - stephan jou - machine learning meetup v1
2016 09-19 - stephan jou - machine learning meetup v12016 09-19 - stephan jou - machine learning meetup v1
2016 09-19 - stephan jou - machine learning meetup v1Jenny Midwinter
 
Outpost24 webinar - The new CISO imperative: connecting technical vulnerabili...
Outpost24 webinar - The new CISO imperative: connecting technical vulnerabili...Outpost24 webinar - The new CISO imperative: connecting technical vulnerabili...
Outpost24 webinar - The new CISO imperative: connecting technical vulnerabili...Outpost24
 
IT Cyber Security Operations
IT Cyber Security OperationsIT Cyber Security Operations
IT Cyber Security OperationsNapier University
 
PRACTICAL APPROACH FOR SECURING WINDOWS ENVIRONMENT: ATTACK VECTORS AND COUNT...
PRACTICAL APPROACH FOR SECURING WINDOWS ENVIRONMENT: ATTACK VECTORS AND COUNT...PRACTICAL APPROACH FOR SECURING WINDOWS ENVIRONMENT: ATTACK VECTORS AND COUNT...
PRACTICAL APPROACH FOR SECURING WINDOWS ENVIRONMENT: ATTACK VECTORS AND COUNT...IJNSA Journal
 

Similar to Towards Designing Effective Visualizations for DNS-based Network Threat Analysis (20)

Software Analytics: Towards Software Mining that Matters (2014)
Software Analytics: Towards Software Mining that Matters (2014)Software Analytics: Towards Software Mining that Matters (2014)
Software Analytics: Towards Software Mining that Matters (2014)
 
Application Portfolio Risk Ranking: Banishing FUD With Structure and Numbers
Application Portfolio Risk Ranking: Banishing FUD With Structure and NumbersApplication Portfolio Risk Ranking: Banishing FUD With Structure and Numbers
Application Portfolio Risk Ranking: Banishing FUD With Structure and Numbers
 
[Warsaw 26.06.2018] SDL Threat Modeling principles
[Warsaw 26.06.2018] SDL Threat Modeling principles[Warsaw 26.06.2018] SDL Threat Modeling principles
[Warsaw 26.06.2018] SDL Threat Modeling principles
 
Threat modelling(system + enterprise)
Threat modelling(system + enterprise)Threat modelling(system + enterprise)
Threat modelling(system + enterprise)
 
Security Training: #3 Threat Modelling - Practices and Tools
Security Training: #3 Threat Modelling - Practices and ToolsSecurity Training: #3 Threat Modelling - Practices and Tools
Security Training: #3 Threat Modelling - Practices and Tools
 
Comparative Analysis of Intrusion Detection Systems and Machine Learning-Base...
Comparative Analysis of Intrusion Detection Systems and Machine Learning-Base...Comparative Analysis of Intrusion Detection Systems and Machine Learning-Base...
Comparative Analysis of Intrusion Detection Systems and Machine Learning-Base...
 
How To Turbo-Charge Incident Response With Threat Intelligence
How To Turbo-Charge Incident Response With Threat IntelligenceHow To Turbo-Charge Incident Response With Threat Intelligence
How To Turbo-Charge Incident Response With Threat Intelligence
 
Software Security in the Real World
Software Security in the Real WorldSoftware Security in the Real World
Software Security in the Real World
 
Running Head 2Week #8 MidTerm Assignment .docx
Running Head 2Week #8 MidTerm Assignment .docxRunning Head 2Week #8 MidTerm Assignment .docx
Running Head 2Week #8 MidTerm Assignment .docx
 
Application Threat Modeling In Risk Management
Application Threat Modeling In Risk ManagementApplication Threat Modeling In Risk Management
Application Threat Modeling In Risk Management
 
Flanagan - RA21 Improving Access to Scholarly Resources
Flanagan - RA21 Improving Access to Scholarly ResourcesFlanagan - RA21 Improving Access to Scholarly Resources
Flanagan - RA21 Improving Access to Scholarly Resources
 
ACM Chicago March 2019 meeting: Software Engineering and AI - Prof. Tao Xie, ...
ACM Chicago March 2019 meeting: Software Engineering and AI - Prof. Tao Xie, ...ACM Chicago March 2019 meeting: Software Engineering and AI - Prof. Tao Xie, ...
ACM Chicago March 2019 meeting: Software Engineering and AI - Prof. Tao Xie, ...
 
Intelligent Software Engineering: Synergy between AI and Software Engineering
Intelligent Software Engineering: Synergy between AI and Software EngineeringIntelligent Software Engineering: Synergy between AI and Software Engineering
Intelligent Software Engineering: Synergy between AI and Software Engineering
 
Software Analytics: Data Analytics for Software Engineering and Security
Software Analytics: Data Analytics for Software Engineering and SecuritySoftware Analytics: Data Analytics for Software Engineering and Security
Software Analytics: Data Analytics for Software Engineering and Security
 
Dataviz For Cyber Security
Dataviz For Cyber SecurityDataviz For Cyber Security
Dataviz For Cyber Security
 
2016 09-19 - stephan jou - machine learning meetup v1
2016 09-19 - stephan jou - machine learning meetup v12016 09-19 - stephan jou - machine learning meetup v1
2016 09-19 - stephan jou - machine learning meetup v1
 
Outpost24 webinar - The new CISO imperative: connecting technical vulnerabili...
Outpost24 webinar - The new CISO imperative: connecting technical vulnerabili...Outpost24 webinar - The new CISO imperative: connecting technical vulnerabili...
Outpost24 webinar - The new CISO imperative: connecting technical vulnerabili...
 
Red7 Software Application Security Threat Modeling
Red7 Software Application Security Threat ModelingRed7 Software Application Security Threat Modeling
Red7 Software Application Security Threat Modeling
 
IT Cyber Security Operations
IT Cyber Security OperationsIT Cyber Security Operations
IT Cyber Security Operations
 
PRACTICAL APPROACH FOR SECURING WINDOWS ENVIRONMENT: ATTACK VECTORS AND COUNT...
PRACTICAL APPROACH FOR SECURING WINDOWS ENVIRONMENT: ATTACK VECTORS AND COUNT...PRACTICAL APPROACH FOR SECURING WINDOWS ENVIRONMENT: ATTACK VECTORS AND COUNT...
PRACTICAL APPROACH FOR SECURING WINDOWS ENVIRONMENT: ATTACK VECTORS AND COUNT...
 

Recently uploaded

Schema on read is obsolete. Welcome metaprogramming..pdf
Schema on read is obsolete. Welcome metaprogramming..pdfSchema on read is obsolete. Welcome metaprogramming..pdf
Schema on read is obsolete. Welcome metaprogramming..pdfLars Albertsson
 
CALL ON ➥8923113531 🔝Call Girls Chinhat Lucknow best sexual service Online
CALL ON ➥8923113531 🔝Call Girls Chinhat Lucknow best sexual service OnlineCALL ON ➥8923113531 🔝Call Girls Chinhat Lucknow best sexual service Online
CALL ON ➥8923113531 🔝Call Girls Chinhat Lucknow best sexual service Onlineanilsa9823
 
Delhi Call Girls Punjabi Bagh 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Punjabi Bagh 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip CallDelhi Call Girls Punjabi Bagh 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Punjabi Bagh 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Callshivangimorya083
 
Ravak dropshipping via API with DroFx.pptx
Ravak dropshipping via API with DroFx.pptxRavak dropshipping via API with DroFx.pptx
Ravak dropshipping via API with DroFx.pptxolyaivanovalion
 
(PARI) Call Girls Wanowrie ( 7001035870 ) HI-Fi Pune Escorts Service
(PARI) Call Girls Wanowrie ( 7001035870 ) HI-Fi Pune Escorts Service(PARI) Call Girls Wanowrie ( 7001035870 ) HI-Fi Pune Escorts Service
(PARI) Call Girls Wanowrie ( 7001035870 ) HI-Fi Pune Escorts Serviceranjana rawat
 
Edukaciniai dropshipping via API with DroFx
Edukaciniai dropshipping via API with DroFxEdukaciniai dropshipping via API with DroFx
Edukaciniai dropshipping via API with DroFxolyaivanovalion
 
Junnasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Junnasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...Junnasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Junnasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...amitlee9823
 
Best VIP Call Girls Noida Sector 22 Call Me: 8448380779
Best VIP Call Girls Noida Sector 22 Call Me: 8448380779Best VIP Call Girls Noida Sector 22 Call Me: 8448380779
Best VIP Call Girls Noida Sector 22 Call Me: 8448380779Delhi Call girls
 
Cheap Rate Call girls Sarita Vihar Delhi 9205541914 shot 1500 night
Cheap Rate Call girls Sarita Vihar Delhi 9205541914 shot 1500 nightCheap Rate Call girls Sarita Vihar Delhi 9205541914 shot 1500 night
Cheap Rate Call girls Sarita Vihar Delhi 9205541914 shot 1500 nightDelhi Call girls
 
FESE Capital Markets Fact Sheet 2024 Q1.pdf
FESE Capital Markets Fact Sheet 2024 Q1.pdfFESE Capital Markets Fact Sheet 2024 Q1.pdf
FESE Capital Markets Fact Sheet 2024 Q1.pdfMarinCaroMartnezBerg
 
Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...
Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...
Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...amitlee9823
 
Capstone Project on IBM Data Analytics Program
Capstone Project on IBM Data Analytics ProgramCapstone Project on IBM Data Analytics Program
Capstone Project on IBM Data Analytics ProgramMoniSankarHazra
 
Invezz.com - Grow your wealth with trading signals
Invezz.com - Grow your wealth with trading signalsInvezz.com - Grow your wealth with trading signals
Invezz.com - Grow your wealth with trading signalsInvezz1
 
Generative AI on Enterprise Cloud with NiFi and Milvus
Generative AI on Enterprise Cloud with NiFi and MilvusGenerative AI on Enterprise Cloud with NiFi and Milvus
Generative AI on Enterprise Cloud with NiFi and MilvusTimothy Spann
 
Delhi Call Girls CP 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls CP 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip CallDelhi Call Girls CP 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls CP 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Callshivangimorya083
 
Midocean dropshipping via API with DroFx
Midocean dropshipping via API with DroFxMidocean dropshipping via API with DroFx
Midocean dropshipping via API with DroFxolyaivanovalion
 
Carero dropshipping via API with DroFx.pptx
Carero dropshipping via API with DroFx.pptxCarero dropshipping via API with DroFx.pptx
Carero dropshipping via API with DroFx.pptxolyaivanovalion
 
BigBuy dropshipping via API with DroFx.pptx
BigBuy dropshipping via API with DroFx.pptxBigBuy dropshipping via API with DroFx.pptx
BigBuy dropshipping via API with DroFx.pptxolyaivanovalion
 

Recently uploaded (20)

Schema on read is obsolete. Welcome metaprogramming..pdf
Schema on read is obsolete. Welcome metaprogramming..pdfSchema on read is obsolete. Welcome metaprogramming..pdf
Schema on read is obsolete. Welcome metaprogramming..pdf
 
CALL ON ➥8923113531 🔝Call Girls Chinhat Lucknow best sexual service Online
CALL ON ➥8923113531 🔝Call Girls Chinhat Lucknow best sexual service OnlineCALL ON ➥8923113531 🔝Call Girls Chinhat Lucknow best sexual service Online
CALL ON ➥8923113531 🔝Call Girls Chinhat Lucknow best sexual service Online
 
Delhi Call Girls Punjabi Bagh 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Punjabi Bagh 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip CallDelhi Call Girls Punjabi Bagh 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Punjabi Bagh 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
 
Ravak dropshipping via API with DroFx.pptx
Ravak dropshipping via API with DroFx.pptxRavak dropshipping via API with DroFx.pptx
Ravak dropshipping via API with DroFx.pptx
 
(PARI) Call Girls Wanowrie ( 7001035870 ) HI-Fi Pune Escorts Service
(PARI) Call Girls Wanowrie ( 7001035870 ) HI-Fi Pune Escorts Service(PARI) Call Girls Wanowrie ( 7001035870 ) HI-Fi Pune Escorts Service
(PARI) Call Girls Wanowrie ( 7001035870 ) HI-Fi Pune Escorts Service
 
Edukaciniai dropshipping via API with DroFx
Edukaciniai dropshipping via API with DroFxEdukaciniai dropshipping via API with DroFx
Edukaciniai dropshipping via API with DroFx
 
꧁❤ Aerocity Call Girls Service Aerocity Delhi ❤꧂ 9999965857 ☎️ Hard And Sexy ...
꧁❤ Aerocity Call Girls Service Aerocity Delhi ❤꧂ 9999965857 ☎️ Hard And Sexy ...꧁❤ Aerocity Call Girls Service Aerocity Delhi ❤꧂ 9999965857 ☎️ Hard And Sexy ...
꧁❤ Aerocity Call Girls Service Aerocity Delhi ❤꧂ 9999965857 ☎️ Hard And Sexy ...
 
Junnasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Junnasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...Junnasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Junnasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
 
Best VIP Call Girls Noida Sector 22 Call Me: 8448380779
Best VIP Call Girls Noida Sector 22 Call Me: 8448380779Best VIP Call Girls Noida Sector 22 Call Me: 8448380779
Best VIP Call Girls Noida Sector 22 Call Me: 8448380779
 
Cheap Rate Call girls Sarita Vihar Delhi 9205541914 shot 1500 night
Cheap Rate Call girls Sarita Vihar Delhi 9205541914 shot 1500 nightCheap Rate Call girls Sarita Vihar Delhi 9205541914 shot 1500 night
Cheap Rate Call girls Sarita Vihar Delhi 9205541914 shot 1500 night
 
FESE Capital Markets Fact Sheet 2024 Q1.pdf
FESE Capital Markets Fact Sheet 2024 Q1.pdfFESE Capital Markets Fact Sheet 2024 Q1.pdf
FESE Capital Markets Fact Sheet 2024 Q1.pdf
 
Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...
Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...
Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...
 
Capstone Project on IBM Data Analytics Program
Capstone Project on IBM Data Analytics ProgramCapstone Project on IBM Data Analytics Program
Capstone Project on IBM Data Analytics Program
 
Invezz.com - Grow your wealth with trading signals
Invezz.com - Grow your wealth with trading signalsInvezz.com - Grow your wealth with trading signals
Invezz.com - Grow your wealth with trading signals
 
Generative AI on Enterprise Cloud with NiFi and Milvus
Generative AI on Enterprise Cloud with NiFi and MilvusGenerative AI on Enterprise Cloud with NiFi and Milvus
Generative AI on Enterprise Cloud with NiFi and Milvus
 
Abortion pills in Doha Qatar (+966572737505 ! Get Cytotec
Abortion pills in Doha Qatar (+966572737505 ! Get CytotecAbortion pills in Doha Qatar (+966572737505 ! Get Cytotec
Abortion pills in Doha Qatar (+966572737505 ! Get Cytotec
 
Delhi Call Girls CP 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls CP 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip CallDelhi Call Girls CP 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls CP 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
 
Midocean dropshipping via API with DroFx
Midocean dropshipping via API with DroFxMidocean dropshipping via API with DroFx
Midocean dropshipping via API with DroFx
 
Carero dropshipping via API with DroFx.pptx
Carero dropshipping via API with DroFx.pptxCarero dropshipping via API with DroFx.pptx
Carero dropshipping via API with DroFx.pptx
 
BigBuy dropshipping via API with DroFx.pptx
BigBuy dropshipping via API with DroFx.pptxBigBuy dropshipping via API with DroFx.pptx
BigBuy dropshipping via API with DroFx.pptx
 

Towards Designing Effective Visualizations for DNS-based Network Threat Analysis

  • 1. Towards Designing Effective Visualizations for DNS-based Network Threat Analysis Rosa Romero-Gómez, Yacin Nadji, and Manos Antonakakis {rgomez30,yacin,manos}@gatech.edu
  • 2. What is Network Threat Analysis? 2
  • 3. Analyst Alerts Threat Intelligence The Domain Name System (DNS) is an essential protocol used by both legitimate Internet applications and cyber attacks [Building a Dynamic Reputation System for DNS, Antonakakis et al. 2010] 3
  • 5. Threat Intelligence Acquisition “Security analysts are still collecting threat intelligence via email, spreadsheets, and cutting/pasting information from web-based sources. Obviously, these manual processes don’t scale” [Enterprise Strategy Group (ESG) Research Report: Threat Intelligence and Its Role Within Enterprise Cybersecurity Practices, June 2015] 5
  • 6. Analytics “Threat intelligence may offer clues but human beings are left to do the heavy lifting by investigating and analyzing the data on their own” [ESG Research Report: Threat Intelligence and Its Role Within Enterprise Cybersecurity Practices, June 2015] 6
  • 7. Our Approach: Open Source THreat Analysis COnsole (THACO) Open Datasets Visualization Techniques 7
  • 8. 8 Classless Inter-Domain Routing (CIDR) Notation 192.0.0.0/8 192.1.0.0/16 192.2.0.0/16 192.168.16.0/24 192.3.0.0/16 192.2.3.0/24 192.2.3.1/32 192.2.3.12/32 /8 /16 /24 /32
  • 9. Access to THACO live demo: https://ipviz.gtisc.gatech.edu/ 9
  • 10. User-centered Visualization Design Domain Problem / Data Characterization Design Prototype Evaluation 10
  • 11. Domain Problem & Data Characterization • Procedure: informal interviews with two domain experts in network threat analysis during two months • Output: two main high-level categories of tasks and data requirements: Top-down network threat analysis or Threat Hunting Bottom-up network threat analysis or Incident Response 11
  • 12. Domain Problem & Data Characterization • Effective threat intelligence involves the combination of multiple data sources: • Active DNS datasets (https://www.activednsproject.org/) • Public Domain Blacklists such as abuse.ch • Malware Traces (https://www.virustotal.com) • Domain WHOIS records (https://www.threatminer.org/) 12
  • 13. Design • Design Goals 1. Multiple views 2. Different levels of detail 3. Scalability Multi-grouping, zoomable treemap 13
  • 14. Evaluation • Participants: • Network threat analysts are hard to find • Seven in-situ and thirty-one online network threat analysts from both academia and industry • Years of experience ranging < 1 year to > 10 years • Procedure: • In-situ evaluation: tasks scenarios and semi-structured interviews • Online evaluation: web-based survey (SUS, System Usability Scale) 14
  • 15. Evaluation • Main Results: • Threat analysis experience of participants affects neither task completion rates nor task completion times using THACO • Experience analysts satisfaction garnered THACO an “A” grade in usability • Limitations: • THACO could be improved for tasks involving keeping track of different pieces of information over time 15
  • 16. Want data? Active DNS datasets: https:// www.activednsproject.org/ 16
  • 17. Want a demo? THACO live demo: https:// ipviz.gtisc.gatech.edu/ 17
  • 18. Want code? Source code on GitHub: https:// github.com/Astrolavos/THACO 18
  • 20. Towards Designing Effective Visualizations for DNS-based Network Threat Analysis Rosa Romero-Gómez, Yacin Nadji, and Manos Antonakakis {rgomez30,yacin,manos}@gatech.edu