Network Traffic Exploration Application: A Tool to Assess, Visualize, and Analyze Network Security Events

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 5210)

Abstract

Defence Research and Development Canada (DRDC) is developing a security event / packet analysis tool that is useful for analyzing a wide range of network attacks. The tool allows the security analyst to visually analyze a security event from a broad range of visual perspectives using a variety of detection algorithms. The tool is easy to extend and can be used to generate automated analysis scripts. The system architecture is presented and its capabilities are demonstrated through the analysis of several covert tunnels.



Editor information

John R. Goodall Gregory Conti Kwan-Liu Ma

Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Vandenberghe, G. (2008). Network Traffic Exploration Application: A Tool to Assess, Visualize, and Analyze Network Security Events. In: Goodall, J.R., Conti, G., Ma, KL. (eds) Visualization for Computer Security. VizSec 2008. Lecture Notes in Computer Science, vol 5210. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-85933-8_18

  • DOI: https://doi.org/10.1007/978-3-540-85933-8_18

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-85931-4

  • Online ISBN: 978-3-540-85933-8

  • eBook Packages: Computer Science (R0)
