Patterns & Anomalies in Cyberspace

CYBERSPACE
PATTERNS & ANOMALIES IN
TIM BASS

TIM BASS 8 MARCH 2017TIM BASS 9 MARCH 2017
CYBERSPACE
SITUATIONAL AWARENESS 
 
PRESENTATION DOI 10.13140/RG.2.2.31306.77766/2

VISUALIZING NEAR REAL TIME NETWORK
OBJECTS & RELATIONSHIPS
FOR INCREASED SITUATIONAL KNOWLEDGE
OF CYBERSPACE ACTIVITY & ANOMALIES 
 

TIM BASS 8 MARCH 2017PRESENTATION DOI 10.13140/RG.2.2.31306.77766/2
CLANDESTINE BAIDU BOTS …. GEOIP CHINA
TIM BASS 9 MARCH 2017
INDEXING WEBSITE
CLANDESTINELY
BLOCKED

INDEXING WEBSITE
CLANDESTINELY
BLOCKED

LINK INDEXING BOT NETWORK …
INDEXING WEBSITE
IDENTIFIED AS
AHREF BOTS - GEOIP US
PERMISSION GRANTED

CLANDESTINE BAIDU BOTS …. GEOIP BRAZIL
UNREGISTERED
USER
REGISTERED
WEBSITE USER

“NORMAL” BOT NETWORKS
BLOCKED

INDEXING WEBSITE
CLANDESTINELY
BLOCKED

PATTERN-BASED ANOMALY DETECTION
OBSERVE SITUATIONS IN CYBERSPACE
4
- PATTERNS ANOMALIES
- STRANGE BEHAVIOR
- UNEXPECTED SITUATIONS
- UNEXPLAINABLE OBSERVATIONS

TIM BASS 8 MARCH 2017TIM BASS 9 MARCH 2017PRESENTATION DOI 10.13140/RG.2.2.31306.77766/2
A CLOSER LOOK SHOWS > 200 BOTS DISGUISED AS NORMAL USERS
BLOCKED

NORMAL “LARGE”
BOTNET - INDEXING
WEBSITE AS AFREF BOTS
LARGE “IDENTIFIED” SEARCH BOT NETWORK - GEOIP US
PERMISSION GRANTED

CLANDESTINE BOT NETWORK - GEOIP KOREA …
INDEXING WEBSITE
DISGUISED AS NORMAL WEB USERS (NOT BOTS)
BLOCKED

CLANDESTINE “BANKRUPT IP ADDRESS BLOCK” BOTNET - GEOIP US …
ADDRESS SPACE ASSIGNED TO
BANKRUPT GRAPHICS CHIP
COMPANY NOW RUNNING
UNIDENTIFIED BOT NETWORK FROM
ASSIGNED IP ADDRESS SPACE
CI - TRIDENT MICROSYSTEMS SID-18863
BLOCKED

CLANDESTINE BOT NETWORK - GEOIP INDIA …
SUSPICIOUS ACTIVITY
FROM IP ADDRESS
CLUSTER IN INDIA
ADDED TO WATCH LIST

YANDEX BOT DISGUISED AT MOBILE DEVICE - GEOIP RUSSIA …
YANDEX BOT IDENTIFYING
ITSELF AS AN APPLE IOS
DEVICE IN USER AGENT (UA)
STRING
IGNORED

PATTERN-BASED VISUAL ANOMALY DETECTION
SHOULD APPLIED TO MOST (IF NOT ALL) NETWORK OBJECTS
- WEBSITES & SERVERS
- MOBILE PHONES
- SMART DEVICES - IOTS
- NETWORK INFRASTRUCTURE

REFERENCES
TIM BASS, INTRUSION DETECTION SYSTEMS AND MULTISENSOR DATA FUSION,
COMMUNICATIONS OF THE ACM 43(4): 99-105, APRIL 2000, DOI 10.1145/332051.332079
TIM BASS, CYBERSPACE SITUATIONAL AWARENESS DEMANDS MIMIC TRADITIONAL
COMMAND REQUIREMENTS, SIGNAL, OFFICIAL PUBLICATION OF AFCEA, FEBRUARY 2000,
DOI 10.13140/RG.2.2.27068.85127
TIM BASS, CYBERSPACE SITUATION GRAPHS - A BRIEF OVERVIEW, PRESENTATION,
AFFILIATION: WWW.THECEPBLOG.COM, SEPTEMBER 2016, DOI 10.13140/RG.
2.2.16014.56643/9
TIM BASS, A JOURNEY INTO CYBERSPACE, PRESENTATION, AFFILIATION:
WWW.THECEPBLOG.COM, MARCH 4, 2017, DOI 10.13140/RG 2.2.26109.77284/1
MY SINCERE APOLOGIES FOR THE SELF-REFERENCES

Patterns & Anomalies in Cyberspace

Recommended

Recommended

More Related Content

Viewers also liked

Viewers also liked (7)

Recently uploaded

Recently uploaded (20)

Patterns & Anomalies in Cyberspace