Discovery of next-generation targeted computer viruses using visualization and machine learning.
Most network intrusion detection systems are designed to discover malicious activity by looking at high-level message properties such as message length and destination. But how can we detect computer viruses that are specifically designed to, for instance, destroy a nuclear reactor, disable the New York Times, or take down the German parliament? These highly complex viruses (also known as Advanced Persistent Threats) circumvent current anti-virus software by hiding their malicious activity in the content of the network messages. In SpySpot, we investigate how these viruses can be detected by taking this content into account, combining machine learning and visualization into one system. A demo of the system can also be found on YouTube.
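To make the contrast concrete, the following added example (not SpySpot code, and not the project's own method) shows why header-only properties are insufficient. It scores a few constructed messages two ways: a header-only check on (destination, length) pairs, and a content check that compares the byte-bigram histogram of a payload against a baseline profile using cosine distance, a deliberately simple stand-in for the machine learning the project combines with visualization. The hypothetical ASCII command protocol, addresses and payloads are all constructed for the example.

```python
"""Header-only vs. content-aware anomaly scoring (added example).

The traffic below is constructed for illustration and is not data or code
from the SpySpot project. Messages are (destination, payload-bytes) pairs.
"""
from collections import Counter
from math import sqrt

# Constructed benign baseline: a hypothetical ASCII command protocol
# spoken to one service. Nothing here comes from real captures.
BASELINE = [
    ("10.0.0.5:502", b"GET status"),
    ("10.0.0.5:502", b"GET temp"),
    ("10.0.0.5:502", b"SET mode=1"),
    ("10.0.0.5:502", b"SET mode=2"),
    ("10.0.0.5:502", b"GET status"),
]

CONTENT_THRESHOLD = 0.9  # cosine distance above which content is flagged


def header_features(dst, payload):
    """The high-level properties a header-only detector looks at."""
    return (dst, len(payload))


def content_features(payload):
    """Byte-bigram histogram of the payload: a simple content representation."""
    return Counter(payload[i:i + 2] for i in range(len(payload) - 1))


def build_profile(messages):
    """Aggregate bigram histogram over the benign baseline."""
    profile = Counter()
    for _, payload in messages:
        profile.update(content_features(payload))
    return profile


def cosine_distance(a, b):
    """1 - cosine similarity of two sparse count vectors; 1.0 if either is empty."""
    dot = sum(a[k] * b[k] for k in a if k in b)
    na = sqrt(sum(v * v for v in a.values()))
    nb = sqrt(sum(v * v for v in b.values()))
    if na == 0 or nb == 0:
        return 1.0
    return 1.0 - dot / (na * nb)


def header_anomalous(dst, payload, baseline):
    """Flag only if this (destination, length) pair never occurred in the baseline."""
    seen = {header_features(d, p) for d, p in baseline}
    return header_features(dst, payload) not in seen


def content_score(payload, profile):
    """Distance of the payload's bigram histogram from the benign profile."""
    return cosine_distance(content_features(payload), profile)


def classify(dst, payload, baseline, profile, threshold=CONTENT_THRESHOLD):
    """Return the set of detectors that flag the message: subset of {'header', 'content'}."""
    flags = set()
    if header_anomalous(dst, payload, baseline):
        flags.add("header")
    if content_score(payload, profile) > threshold:
        flags.add("content")
    return flags


if __name__ == "__main__":
    profile = build_profile(BASELINE)
    tests = [
        ("10.0.0.5:502", b"GET status"),     # benign, seen before
        ("10.0.0.5:502", b"SET mode=3"),     # benign, new value, same protocol shape
        ("10.0.0.9:502", b"GET status"),     # unseen destination, normal content
        ("10.0.0.5:502", bytes(range(10))),  # same dst and length as benign, foreign content
    ]
    for dst, payload in tests:
        score = round(content_score(payload, profile), 3)
        print(dst, payload, score, classify(dst, payload, BASELINE, profile))
```

The last test message has exactly the destination and length of a benign command, so the header-only check passes it, while its content sits far from the protocol baseline and is flagged; the third message shows the reverse, so the two views are complementary rather than redundant. A real system would replace the bigram histogram and fixed threshold with learned models and let an analyst inspect the flagged messages, which is the role visualization plays in the project described above.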
- SNAPS: Semantic Network traffic Analysis through Projection and Selection
B. C. M. Cappers and J. J. van Wijk, "SNAPS: Semantic network traffic analysis through projection and selection," 2015 IEEE Symposium on Visualization for Cyber Security (VizSec), Chicago, IL, USA, 2015, pp. 1-8.
- Understanding the Context of Network Traffic Alerts
B. C. M. Cappers and J. J. van Wijk, "Understanding the context of network traffic alerts," 2016 IEEE Symposium on Visualization for Cyber Security (VizSec), Baltimore, MD, USA, 2016, pp. 1-8.