
    Visualizing traffic causality for analyzing network anomalies

    Monitoring network traffic and detecting anomalies are essential tasks that security analysts carry out routinely. The sheer volume of network requests often makes it difficult to detect attacks and pinpoint their causes. We design and develop a tool that visually represents the causal relations between network requests. This traffic causality information enables an analyst to reason about the legitimacy and normalcy of observed network events. Our tool, with a special visual locality property, supports the different levels of visual-based querying and reasoning required for the sensemaking process on complex network data. Leveraging domain knowledge, security analysts can use the tool to identify abnormal network activities and patterns caused by attacks or stealthy malware. We conduct a user study that confirms the tool enhances the readability and perceptibility of dependencies in host-based network traffic.

    Catching modern botnets using active integrated evidential reasoning


    Malware Pattern of Life Analysis

    Many malware classifications include viruses, worms, trojans, ransomware, bots, adware, spyware, rootkits, file-less downloaders, malvertising, and many more. Each type may share unique behavioral characteristics with its methods of operations (MO), a pattern of behavior so distinctive that it could be recognized as having the same creator. The research shows the extraction of malware methods of operation using the step-by-step process of Artificial-Based Intelligence (ABI) with built-in Density-based spatial clustering of applications with noise (DBSCAN) machine learning to quantify the actions for their similarities, differences, baseline behaviors, and anomalies. The collected data of the research is from the ransomware sample repositories of Malware Bazaar and Virus Share, totaling 1300 live malicious codes ingested into the CAPEv2 malware sandbox, allowing the capture of traces of static, dynamic, and network behavior features. The ransomware features have shown significant activity of varying identified functions used in encryption, file application programming interface (API), and network function calls. During the machine learning categorization phase, there are eight identified clusters that have similar and different features regarding function-call sequencing events and file access manipulation for dropping file notes and writing encryption. Having compared all the clusters using a "supervenn" pictorial diagram, the characteristics of the static and dynamic behavior of the ransomware give the initial baselines for comparison with other variants that may have been added to the collected data for intelligence gathering. The findings provide a novel practical approach for intelligence gathering to address ransomware or any other malware variants' activity patterns to discern similarities, anomalies, and differences between malware actions under study.

    Data Packet Validation Using Entropy and Information Gain

    Today, the internet relies more on encrypted communication than on security alone. HTTPS is already in use on the internet, but classifying encrypted packets remains a problem. This research extends earlier work that succeeded in classifying data packets offline but had not yet succeeded in identifying and grouping encrypted services in depth. This research builds a realistic simulation, constructing the topology and performing classification with entropy as the attribute-selection criterion. The aim of this research is to validate data for encrypted traffic and information gain. The case study was carried out on the computer network deployment at the Faculty of Computer Science, Unsri. Using the feature ranking method, the encrypted packet attribute produced the highest entropy value, 0.07414856, and was ranked first.

    Big Data and Causality

    Causality analysis remains one of the fundamental research questions and the ultimate objective of a tremendous number of scientific studies. In line with the rapid progress of science and technology, the age of big data has significantly influenced causality analysis in various disciplines, especially over the last decade, because the complexity and difficulty of identifying causality among big data has dramatically increased. Data mining, the process of uncovering hidden information from big data, is now an important tool for causality analysis and has been extensively exploited by scholars around the world. The primary aim of this paper is to provide a concise review of causality analysis in big data. To this end, the paper reviews recent significant applications of data mining techniques in causality analysis, covering a substantial quantity of research to date, presented in chronological order with an overview table of data mining applications in the causality analysis domain as a reference directory.