BOTNET DETECTION & VISUALISATION CENTRE OF EXCELLENCE

Computer networks are dynamic, growing, and continually evolving. As complexity grows, it becomes harder to communicate effectively to human decision-makers the results of the methods and metrics used for monitoring networks, classifying traffic, and identifying malicious or abnormal events. Network administrators and security analysts require tools that help them understand, reason about, and make decisions on the information their analytic systems produce. To this end, information visualization and visual analytics hold great promise for making that information accessible, usable, and actionable by taking advantage of human perceptual abilities.

Current security monitoring tools are insufficient for effective botnet traffic detection. Most existing tools are text-based and lack an effective, user-friendly interface that can facilitate the detection of botnet traffic in large datasets. Moreover, most of these tools are based on reactive approaches and are triggered only after an attack has been detected. Improved botnet traffic detection is therefore in high demand.

We aim to develop an integrated network defense system with situation awareness capabilities that presents useful information to human analysts. In particular, we shall facilitate the study of a prototypical system that includes both distributed passive and active network sensors and traffic visualization features, such as 1D, 2D and 3D network traffic displays. To detect attacks effectively, we intend to study algorithms that transform real-world IP address data into images, study the patterns of attacks, and use both a discrete wavelet transform based scheme and a statistical based scheme to detect attacks. We plan to propagate this body of knowledge through an extensive simulation study that validates the effectiveness of our implemented defence system, and so help produce next-generation security products and technology.
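The paragraph above names three ingredients without showing them: mapping IP addresses into an image, a statistical detection scheme over that image, and a discrete wavelet transform scheme over traffic time series. The block below is an added illustration written for this page, not code from the centre or its prototype. It assumes a simple 256x256 "IP image" where the first octet of the source address selects the row and the second octet selects the column (one of many possible mappings; a Hilbert-curve layout is another common choice), a z-score test per cell against a baseline of earlier images, and a one-level Haar transform whose detail coefficients expose sudden bursts. All flow records and packet counts are constructed sample data.

```python
import ipaddress
from collections import Counter
from statistics import mean, pstdev

GRID = 256  # image is GRID x GRID cells; each cell is a /16 of source address space


def ip_to_pixel(ip: str) -> tuple[int, int]:
    """Map an IPv4 source address to (row, col): first octet -> row, second -> col.
    Assumed mapping for this example; any bijection from /16 to cell works."""
    octets = ipaddress.IPv4Address(ip).packed
    return octets[0], octets[1]


def build_image(flows) -> Counter:
    """Aggregate flow records (src, dst, packets) into a sparse image of flow
    counts per cell. Cells with zero flows are simply absent."""
    image = Counter()
    for src, _dst, _packets in flows:
        image[ip_to_pixel(src)] += 1
    return image


def zscore_outliers(baseline_images, current_image, threshold=3.0) -> dict:
    """Statistical scheme: for every cell seen in the baseline or the current
    image, compare the current count to the baseline mean in units of the
    baseline standard deviation. The deviation is floored at 1.0 so that cells
    that were constant (or empty) in the baseline do not divide by zero."""
    cells = set(current_image)
    for img in baseline_images:
        cells |= set(img)
    outliers = {}
    for cell in cells:
        history = [img.get(cell, 0) for img in baseline_images]
        mu, sigma = mean(history), max(pstdev(history), 1.0)
        z = (current_image.get(cell, 0) - mu) / sigma
        if z > threshold:
            outliers[cell] = z
    return outliers


def haar_detail(series):
    """One-level Haar discrete wavelet transform. Returns (approximation, detail)
    lists; the detail coefficient of a pair is half the difference of its two
    samples, so a sharp jump inside a pair produces a large detail value."""
    if len(series) % 2:
        series = list(series) + [series[-1]]  # pad odd-length input by repetition
    approx = [(series[i] + series[i + 1]) / 2 for i in range(0, len(series), 2)]
    detail = [(series[i] - series[i + 1]) / 2 for i in range(0, len(series), 2)]
    return approx, detail


def burst_windows(series, threshold):
    """Index of every sample pair whose Haar detail coefficient exceeds the
    threshold in magnitude, i.e. a candidate burst."""
    _approx, detail = haar_detail(series)
    return [i for i, d in enumerate(detail) if abs(d) > threshold]


# Constructed sample data (RFC 5737 documentation ranges), not real traffic.
BASELINE_FLOWS = [
    [("192.0.2.10", "10.0.0.5", 3), ("192.0.2.11", "10.0.0.5", 2), ("198.51.100.7", "10.0.0.9", 1)],
    [("192.0.2.10", "10.0.0.5", 4), ("192.0.2.12", "10.0.0.5", 1), ("198.51.100.7", "10.0.0.9", 2)],
    [("192.0.2.10", "10.0.0.5", 3), ("192.0.2.13", "10.0.0.5", 2), ("198.51.100.8", "10.0.0.9", 1)],
]
# Current window: the usual traffic plus eight new sources from one /16 hitting the same host.
CURRENT_FLOWS = [("192.0.2.10", "10.0.0.5", 3)] + [
    (f"203.0.113.{i}", "10.0.0.5", 1) for i in range(1, 9)
]
PACKETS_PER_SECOND = [4, 5, 4, 5, 4, 5, 40, 4]  # constructed series with one burst


def run_example():
    """Run both schemes on the constructed data and return their findings."""
    baseline = [build_image(f) for f in BASELINE_FLOWS]
    surging_cells = zscore_outliers(baseline, build_image(CURRENT_FLOWS))
    bursts = burst_windows(PACKETS_PER_SECOND, threshold=10)
    return surging_cells, bursts


if __name__ == "__main__":
    cells, bursts = run_example()
    for (row, col), z in cells.items():
        print(f"cell {row}.{col}.0.0/16 surged: z = {z:.1f}")
    print("burst in sample pairs:", bursts)
```

The z-score pass flags the cell covering 203.0.113.0/16, which never appeared in the baseline, while the Haar pass points at the pair containing the 40-packet second. In a real deployment the baseline would be a rolling window of images, the threshold tuned against the false-positive rate, and the flagged cells rendered directly on the 2D display rather than printed.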

1. Uses of visualization for network status monitoring and situational awareness
2. Visualization methods employed in the classification and analysis of network traffic
3. Visualization methods enhancing network intrusion detection and anomaly detection
4. Visualization methods for the analysis of network threats (e.g. botnets)
5. Visualization methods for the analysis of network routing
6. Methods for integrating analytics and visualization for network analysis tasks
7. Integrating heterogeneous data sources to support network analysis tasks