Host Behavior in Computer Network: One-Year Study

Jirsík, Tomáš; Velan, Petr

doi:10.1109/tnsm.2020.3036528

Cited by 3 publications

(3 citation statements)

References 31 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In five of the six cases, we were also able to identify one domain expert per dataset (see Section 3.3) from the start of the abstractions process. Only for the host behavior case, we initially reused a dataset (and tasks) of a scientific publication [52], and conducted the expert cast and winnow stages [89] later. To design a data-centric but domain-agnostic visualization tool that helps to solve problems encountered by experts across different domains, we engaged with the experts early in the process to learn more about their domain context, usage of the data, current tool usage, problems, and challenges, to identify design targets and determine appropriate validation strategies [77].…”

Section: Methodological Processmentioning

confidence: 99%

See 1 more Smart Citation

IVESA - Visual Analysis of Time-Stamped Event Sequences

Bernard,

Barth,

Cuba

et al. 2024

IEEE Trans. Visual. Comput. Graphics

View full text Add to dashboard Cite

Fig. 1. Overview of IVESA. On the left, the Sequence Overview and Details View primarily enable the analysis of the TSEQs content, i.e., events, event sequences, groups of event sequences, motifs, and features. On the right, the Metadata View supports the analysis of metadata attributes and the TSEQs contextualization, whereas the Summary View includes the entry point to auxiliary views for filtering, motif configuration, feature analysis, and clustering.

show abstract

Section: Methodological Processmentioning

confidence: 99%

“…In the Host Behavior case, we analyzed a publicly available dataset of network flows collected by Jirsik and Velan in their 2021 host behavior study [52]. The dataset on the communications flow of a university network consists of 348,574 time-stamped ingress (incoming) and egress (outgoing) communication events.…”

Section: Host Behavior In a Computer Networkmentioning

confidence: 99%

IVESA - Visual Analysis of Time-Stamped Event Sequences

Bernard,

Barth,

Cuba

et al. 2024

IEEE Trans. Visual. Comput. Graphics

View full text Add to dashboard Cite

show abstract

“…To evade detection and blocking of C&C addresses, they are leveraging both host-based and network-based evasion tactics, along with the use of steganography for updating the IP addresses of C&C servers used by malware [6]. Traditional defense mechanisms primarily focus on network-based and signaturebased virus monitoring [7]. However, these methods fall short in effectively intercepting and defending against such threats.…”

Section: Related Workmentioning

confidence: 99%

Anteater: Advanced Persistent Threat Detection With Program Network Traffic Behavior

Zhang,

Liu,

Kuok

et al. 2024

IEEE Access

View full text Add to dashboard Cite

Recent stealth attacks cleverly disguise malicious activities, masquerading as ordinary connections to popular online services through seemingly innocuous applications. These methods often evade detection by traditional network monitoring or signature-based techniques, as attackers frequently hide Command and Control (C&C) servers within well-known cloud service providers, making the traffic anomalies appear normal. In this paper, we introduce an application-level monitoring system, Anteater. Anteater constructs a detailed profile for each legitimate software's network traffic behavior, outlining the expected traffic patterns. By scrutinizing a program's network traffic configuration, Anteater efficiently pinpoints and intercepts the IP addresses associated with abnormal program access. Implemented in a realworld enterprise environment, Anteater was tested on a dataset containing over 400 million real-world network traffic sessions. The evaluation results demonstrate that Anteater achieves a high detection rate for malware injections, boasting a true positive rate of 94.5% and a false positive rate of less than 0.1%.

show abstract

On Collaboration and Automation in the Context of Threat Detection and Response with Privacy-Preserving Features

Nitz,

Gurabi,

Cermak

et al. 2024

Digital Threats

View full text Add to dashboard Cite

Organizations and their security operation centers often struggle to detect and respond effectively to an extensive quantity of ever-evolving cyberattacks. While collaboration, such as threat intelligence sharing between security teams, and response automation are often discussed in the cybersecurity community, issues like data sensitivity and confidence in detection may hinder their adoption. This work investigates the potentials and challenges of collaboration and automation to enhance incident response processes. We propose a reference architecture for data sharing in threat detection and response, aiming to boost collaborative and automated efforts across organizations while also considering privacy-preserving features. To address these challenges and potentials, we discuss how such a framework could enhance current response processes within and between organizations, validated with results in local attack detection, incident response, and data sharing.

show abstract

Host Behavior in Computer Network: One-Year Study

Cited by 3 publications

References 31 publications

IVESA - Visual Analysis of Time-Stamped Event Sequences

IVESA - Visual Analysis of Time-Stamped Event Sequences

Anteater: Advanced Persistent Threat Detection With Program Network Traffic Behavior

On Collaboration and Automation in the Context of Threat Detection and Response with Privacy-Preserving Features

Contact Info

Product

Resources

About