Visual Analytic Representation of Large Datasets for Enhancing Network Security

James Davey
Fraunhofer Institute for Computer Graphics Research IGD
Fraunhoferstraße 5
64283 Darmstadt

Phone +49 6151 155-655 | Fax -139
james.davey@igd.fraunhofer.de
www.igd.fraunhofer.de/igd-a3
www.vis-sense.eu
No. 257495
VIS-SENSE Organisation

Topic: Technology and Tools for Trustworthy ICT (2009.1.4)
Grant Agreement: STREP – 257495
Time Frame: 01.10.2010 until 30.09.2013
Budget: 3.32 million euro total / 2.35 million euro EU contribution

6 partners from 4 countries:
- Fraunhofer IGD (Germany) – Coordinator
- CERTH / ITI (Greece)
- Institut EURECOM (France)
- Institut Telecom (France)
- Symantec Ltd. (Ireland)
- University of Konstanz (Germany)

Root-Cause Analysis

Use case: root-cause analysis
Overview of the Internet threat landscape
Zooming out

Overview – Zooming Out (three image-only slides; the figures are not preserved in this text)

Overview – Zooming Out

Features in an interactive map: position, area, street hierarchy, etc.
Our features: IP addresses, server names, email addresses, keyword sets, distributions, timestamps, etc.

Overview – Zooming Out

In an interactive map, grouping is easy and unambiguous.
For our features, grouping is difficult and ambiguous: we need some definition of distance or similarity between elements.

Similarity models

The TRIAGE(1) approach

Clustering based on Multi-Criteria Decision Analysis (MCDA)
Automatic grouping of elements likely to share the same root causes

Pipeline: Events -> Feature selection -> Per-feature graph-based representation -> Multi-criteria aggregation (data fusion, Σ) -> Multi-Dimensional Clusters (MDCs)

1) Triage (med.): process of prioritizing patients based on the severity of their condition
Definitions: Features, Entities

Similarity – Models for Similarity

Per Feature Similarity Example – Real Numbers

Grouping with respect to different features

Aggregate Similarity Example

(The five slides above are image-only; the figures are not preserved in this text.)
An example of a Rogue AV campaign

750 domains registered over a span of 8 months

Legend (features shown in the graph):
- Domain name
- /24 network of web server
- Registrant email
- Registration date

Observed characteristics of the campaign:
- domain name patterns
- use of whois privacy protection services

Spam Botnets – Inter-relationships

Botnet groups shown in the graph: Rustock, Mega-D, Cutwail, Grum, Unclassified

Legend (node types):
- Spam event
- Subject keywords
- Bot name

Thanks for Your Attention

James Davey
Fraunhofer IGD
Fraunhoferstraße 5
64283 Darmstadt
Tel +49 6151 155-655 | Fax -139
james.davey@igd.fraunhofer.de
www.igd.fraunhofer.de/igd-a3
