Cylindrical Coordinates Security Visualization for multiple domain command and control botnet detection

Ilju Seo, Heejo Lee, Seung Chul Han

Research output: Contribution to journal › Article

10 Citations (Scopus)

Abstract

Botnets are among the most dangerous species of network-based attack. They cause severe network disruptions through massive coordinated attacks, and the resulting disruption frequently costs enterprises large sums in financial losses. In this paper, we conduct an in-depth investigation of botnet detection and present a new security visualization tool for visualizing botnet behaviors in DNS traffic. The core mechanism is developed with the objective of enabling users to recognize security threats promptly and mitigate the damage solely by visualizing DNS traffic in cylindrical coordinates. We compare our visualization method with existing ones, and the experimental results show that ours has greater perceptual efficiency. The ideas and results of this study will contribute toward designing an advanced visualization technique that offers better security. The approach proposed in this study can also be used to derive new and valuable security insights from the complex correlations found in Big Data.

Original language: English
Pages (from-to): 141-153
Number of pages: 13
Journal: Computers and Security
Volume: 46
DOIs: 10.1016/j.cose.2014.07.007
Publication status: Published - 2014 Jan 1


ASJC Scopus subject areas

  • Computer Science(all)
  • Law

Cite this

Cylindrical Coordinates Security Visualization for multiple domain command and control botnet detection. / Seo, Ilju; Lee, Heejo; Han, Seung Chul.

In: Computers and Security, Vol. 46, 01.01.2014, p. 141-153.


@article{484a85e468b14d0ebc48828cb94ba060,
title = "Cylindrical Coordinates Security Visualization for multiple domain command and control botnet detection",
abstract = "The botnets are one of the most dangerous species of network-based attack. They cause severe network disruptions through massive coordinated attacks nowadays and the results of this disruption frequently cost enterprises large sums in financial losses. In this paper, we make an in-depth investigation on the issue of botnet detection and present a new security visualization tool for visualizing botnet behaviors on DNS traffic. The core mechanism is developed with the objective of enabling users to recognize security threats promptly and mitigate the damages by only visualizing DNS traffic in cylindrical coordinates. We compare our visualization method with existing ones and the experimental results show that ours has greater perceptual efficiency. The ideas and results of this study will contribute toward designing an advanced visualization technique that offers better security. Also, the approach proposed in this study can be utilized to derive new and valuable insights in security aspects from the complex correlations of Big Data.",
keywords = "Botnet detection, DNS traffic, Graph isomorphism, Human cognition, Security visualization, Visual signature",
author = "Ilju Seo and Heejo Lee and Han, {Seung Chul}",
year = "2014",
month = "1",
day = "1",
doi = "10.1016/j.cose.2014.07.007",
language = "English",
volume = "46",
pages = "141--153",
journal = "Computers and Security",
issn = "0167-4048",
publisher = "Elsevier Limited",
}
