Visual Analytic Representation of Large Datasets for Enhancing Network Security




                          James Davey
                          Fraunhofer Institute for Computer Graphics Research IGD
                          Fraunhoferstraße 5
                          64283 Darmstadt

                          Phone +49 6151 155-655 | Fax -139
                          james.davey@igd.fraunhofer.de
                          www.igd.fraunhofer.de/igd-a3
                                            www.vis-sense.eu
                                              No. 257495
VIS-SENSE Organisation

Topic: Technology and Tools for Trustworthy ICT (2009.1.4)
Grant Agreement: STREP – 257495
Time Frame: 01.10.2010 until 30.09.2013
Budget: 3.32 million euro / 2.35 million euro EU contribution

6 partners from 4 countries:
    Fraunhofer IGD (Germany) – Coordinator
    CERTH / ITI (Greece)
    Institut EURECOM (France)
    Institut Telecom (France)
    Symantec Ltd. (Ireland)
    University of Konstanz (Germany)


Root-Cause Analysis

Use Case: Root-Cause Analysis

Overview of the Internet threat landscape

Zooming Out
Overview – Zooming Out

(three image-only slides, no text content)
Overview – Zooming Out

Features in an interactive map:   Our features:
  Position                          IP addresses
  Area                              Server names
  Street hierarchy                  Email addresses
  Etc.                              Keyword sets
                                    Distributions
                                    Timestamps
                                    Etc.
Overview – Zooming Out

Features in an interactive map:       Our features:
  Grouping is easy and unambiguous      Grouping is difficult
                                        Grouping is ambiguous
                                        We need some definition of distance or similarity

Similarity Models
The TRIAGE(1) approach

Clustering based on Multi-Criteria Decision Analysis (MCDA)
Automatic grouping of elements likely to share the same root causes

Pipeline shown in the slide diagram:
  Events
  → Feature selection
  → Per-feature graph-based representation
  → Multi-criteria aggregation (data fusion, Σ)
  → Multi-Dimensional Clusters (MDCs)

1) Triage (med.): process of prioritizing patients based on the severity of their condition
Definitions

Features

Entities

(definitions given in the slide image only)
Similarity – Models for Similarity

(image-only slide)

Per Feature Similarity Example – Real Numbers

(image-only slide)

Grouping with respect to different features

(image-only slide)

Aggregate Similarity Example

(image-only slide)
An example of Rogue AV campaign

750 domains registered over a span of 8 months

Figure legend (features):
  Domain name
  /24 network of web server
  Registrant email
  Registration date

- domain name patterns
- use of whois privacy protection services
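Worked example, added here by the editor and not code from the deck or from the VIS-SENSE / TRIAGE authors: the pipeline of "The TRIAGE approach" slide (per-feature similarity, Σ aggregation, multi-dimensional clusters) run in Python over a constructed handful of rogue-AV registrations carrying the four features of the Rogue AV slide (domain name, /24 of the web server, registrant email, registration date). The per-feature similarity functions (a set, two categorical and one real-number similarity for dates, in the spirit of "Per Feature Similarity Example – Real Numbers"), the weighted-sum aggregation, the 0.5 link threshold and the connected-components step are all assumptions; the page does not state which aggregation operators TRIAGE uses. The sample events, the test addresses and the privacy-proxy mailbox are constructed. The same code would group the spam events of the next slide with subject keywords and bot name as features.

```python
"""Added example (not the deck's code): TRIAGE-style multi-criteria clustering over
constructed rogue-AV registrations. Similarities, weights and threshold are assumptions."""
from __future__ import annotations
import ipaddress
import re
from dataclasses import dataclass
from datetime import date
from itertools import combinations
from typing import Callable

@dataclass(frozen=True)
class Event:
    domain: str        # registered domain name
    server_ip: str     # IPv4 address the domain resolved to
    registrant: str    # registrant e-mail from WHOIS
    registered: date   # registration date

# Constructed sample, not real campaign data (RFC 5737 test addresses).
EVENTS: list[Event] = [
    Event("free-av-scan-01.example", "203.0.113.10", "abc@example.net", date(2011, 1, 3)),
    Event("free-av-scan-02.example", "203.0.113.77", "abc@example.net", date(2011, 1, 5)),
    Event("free-av-scan-03.example", "198.51.100.200", "contact@privacy-proxy.example", date(2011, 1, 6)),
    Event("my-pc-cleaner.example", "198.51.100.4", "xyz@example.org", date(2011, 6, 20)),
    Event("my-pc-cleaner-pro.example", "198.51.100.9", "xyz@example.org", date(2011, 6, 22)),
    Event("weather-today.example", "192.0.2.33", "jane@example.com", date(2011, 3, 15)),
]
# Assumed WHOIS privacy-protection mailboxes. Two domains sharing one say nothing
# about a common registrant, so that feature must not vote "same" for them
# (the slide's "use of whois privacy protection services").
PRIVACY_PROXIES = {"contact@privacy-proxy.example"}

def name_tokens(domain: str) -> frozenset[str]:
    """Label tokens with serial numbers removed, so free-av-scan-01 and -02 match."""
    label = domain.rsplit(".", 1)[0]
    return frozenset(t for t in re.sub(r"\d+", "", label).split("-") if t)

def sim_domain(a: Event, b: Event) -> float:
    """Set feature: Jaccard similarity of domain-name tokens."""
    ta, tb = name_tokens(a.domain), name_tokens(b.domain)
    return len(ta & tb) / len(ta | tb) if ta | tb else 0.0

def sim_network(a: Event, b: Event) -> float:
    """Categorical feature: 1 if both web servers are in the same /24, else 0."""
    nets = [ipaddress.ip_network(f"{e.server_ip}/24", strict=False) for e in (a, b)]
    return 1.0 if nets[0] == nets[1] else 0.0

def sim_registrant(a: Event, b: Event) -> float:
    """Categorical feature: exact match, except that privacy proxies never match."""
    if a.registrant in PRIVACY_PROXIES or b.registrant in PRIVACY_PROXIES:
        return 0.0
    return 1.0 if a.registrant == b.registrant else 0.0

def sim_date(a: Event, b: Event, window_days: int = 30) -> float:
    """Real-number feature: similarity decays linearly with the distance between
    registration dates and is 0 once they are window_days or more apart."""
    delta = abs((a.registered - b.registered).days)
    return max(0.0, 1.0 - delta / window_days)

SIMILARITIES: dict[str, Callable[[Event, Event], float]] = {
    "domain": sim_domain, "network": sim_network, "registrant": sim_registrant, "date": sim_date}
# Assumed criterion weights for the Σ step; they sum to 1 so the aggregate stays in [0, 1].
WEIGHTS = {"domain": 0.35, "network": 0.2, "registrant": 0.25, "date": 0.2}

def aggregate(a: Event, b: Event) -> float:
    """Multi-criteria aggregation (data fusion) as a weighted sum."""
    return sum(WEIGHTS[f] * sim(a, b) for f, sim in SIMILARITIES.items())

def connected_components(n: int, edges: set[tuple[int, int]]) -> list[set[int]]:
    """Groups of vertices 0..n-1 joined by edges, sorted by smallest member."""
    groups = [{v} for v in range(n)]
    for i, j in edges:
        gi = next(g for g in groups if i in g)
        gj = next(g for g in groups if j in g)
        if gi is not gj:
            gi |= gj
            groups.remove(gj)
    return sorted(groups, key=min)

def cluster(events: list[Event], score: Callable[[Event, Event], float],
            threshold: float = 0.5) -> list[set[int]]:
    """Graph-based representation: link pairs scoring above the threshold and
    read the groups off as connected components (sets of event indices)."""
    edges = {(i, j) for (i, a), (j, b) in combinations(enumerate(events), 2)
             if score(a, b) > threshold}
    return connected_components(len(events), edges)

def clusters_per_feature(events: list[Event]) -> dict[str, list[set[int]]]:
    """Grouping with respect to one feature at a time."""
    return {f: cluster(events, sim) for f, sim in SIMILARITIES.items()}

def multidimensional_clusters(events: list[Event]) -> list[set[int]]:
    """Grouping on the aggregated similarity: the multi-dimensional clusters."""
    return cluster(events, aggregate)

if __name__ == "__main__":
    for feature, groups in clusters_per_feature(EVENTS).items():
        print(f"{feature:>10}: {groups}")
    print(f"{'aggregate':>10}: {multidimensional_clusters(EVENTS)}")
```

Running it shows why the per-feature groupings of the "Grouping with respect to different features" slide disagree: the registrant feature splits off the privacy-protected domain, the /24 feature lumps that same domain together with two unrelated neighbours on shared hosting, while domain pattern and registration date both tie it to its siblings. The aggregate recovers the two campaigns as {0, 1, 2} and {3, 4} and leaves the unrelated domain on its own, which is the point of the "Aggregate Similarity Example" slide. The weights, the linear date window and the 0.5 threshold are tuning knobs; on real data they would be chosen per dataset.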
Spam Botnets
Inter-relationships

Bot families in the figure: Unclassified, Rustock, Mega-D, Cutwail, Grum

Figure legend:
  Spam event
  Subject keywords
  Bot name
Thanks for Your Attention




                                                             James Davey
                                                             Fraunhofer IGD
                                                             Fraunhoferstraße 5
                                                             64283 Darmstadt




                                                             Tel +49 6151 155 – 655 | Fax – 139
                                                             james.davey@igd.fraunhofer.de
                                                             www.igd.fraunhofer.de/igd-a3

Vis sense cluster meeting

  • 1. Visual Analytic Representation of Large Datasets for Enhancing Network Security James Davey Fraunhofer Institute for Computer Graphics Research IGD Fraunhoferstraße 5 64283 Darmstadt Phone +49 6151 155-655 | Fax -139 james.davey@igd.fraunhofer.de www.igd.fraunhofer.de/igd-a3 www.vis-sense.eu No. 257495
  • 2. VIS-SENSE Organisation Topic: Technology and Tools for Trustworthy ICT (2009.1.4) Grant Agreement: STREP – 257495 Time Frame: 01.10.2010 until 30.09.2013 Budget: 3,32 million euro / 2.35 million euro EU contribution 6 partners from 4 countries: Fraunhofer IGD (Germany) – Coordinator CERTH / ITI (Greece) Institut EURECOM (France) Institut Telecom (France) Symantec Ltd. (Ireland) University of Konstanz (Germany) www.vis-sense.eu No. 257495
  • 3. Root-Cause Analysis Use Case: Root-Cause Analysis Overview over the Internet threat landscape Zooming Out www.vis-sense.eu No. 257495
  • 4. Overview – Zooming Out www.vis-sense.eu No. 257495
  • 5. Overview – Zooming Out www.vis-sense.eu No. 257495
  • 6. Overview – Zooming Out www.vis-sense.eu No. 257495
  • 7. Overview – Zooming Out Features in an interactive map: Our Features: Position, I.P. addresses, Area, Server names, Street hierarchy, Email addresses, Etc. Keyword sets, Distributions, Timestamps, Etc. www.vis-sense.eu No. 257495
  • 8. Overview – Zooming Out Features in an interactive map: Our Features: Grouping is easy and unambiguous Grouping is difficult Grouping is ambiguous We need some definition of distance or similarity Similarity Models www.vis-sense.eu No. 257495
  • 9. The TRIAGE(1) approach Clustering based on Multi-Criteria Decision Analysis (MCDA) Automatic grouping of elements likely to share the same root causes Features Selection Σ Multi-criteria Per feature Multi-Dimensional Aggregation Graph-based representation Clusters (MDC’s) Events (data fusion) 1) Triage (med.): process of prioritizing patients based on the severity of their condition www.vis-sense.eu No. 257495 9 9
  • 10. Definitions Features Entities www.vis-sense.eu No. 257495
  • 11. Similarity – Models for Similarity www.vis-sense.eu No. 257495
  • 12. Per Feature Similarity Example – Real Numbers www.vis-sense.eu No. 257495
  • 13. Grouping with respect to different features www.vis-sense.eu No. 257495
  • 14. Aggregate Similarity Example www.vis-sense.eu No. 257495
  • 15. An example of Rogue AV campaign 750 domains registered over a span of 8 months Domain name /24 network of web server Registrant email www.vis-sense.eu Registration date No. 257495
  • 16. - domain name patterns - use of whois privacy protection services www.vis-sense.eu No. 257495
  • 17. Spam Botnets Inter-relationships Unclassified Rustock Mega-D Cutwail Grum Spam event Subject keywords www.vis-sense.eu No. 257495 Bot name
  • 18. Thanks for Your Attention James Davey Fraunhofer IGD Fraunhoferstraße 5 64283 Darmstadt IGD_Folienvorlage_v2010.10.ppt Tel +49 6151 155 – 655 | Fax – 139 james.davey@igd.fraunhofer.de www.igd.fraunhofer.de/igd-a3 www.vis-sense.eu No. 257495