Visualization and Analysis of Multi-Host Traffic


To find malware infections, we developed an analysis tool that visualizes hosts and network traffic. The tool displays an animation of traffic patterns, color-coded by host and network. The system is composed of two modules: one plots the third and fourth octets on two-dimensional maps, and the other displays octet changes on four frames. When we analyzed a honeynet log with it, we could easily find three malware scans that came from two hosts at the same time.
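The octet-map idea can be sketched in a few lines. This is an added example, not the authors' tool: it assumes the map is built from destination addresses, that one scan is one (source, destination port) group, and that 20 distinct cells is the scan threshold. The log records are constructed.

```python
from collections import defaultdict

def sample_log():
    """Constructed records: (second, source IP, destination IP, destination port)."""
    log = [(3, "203.0.113.4", "10.1.5.1", 80), (50, "203.0.113.4", "10.1.5.1", 80)]
    for i in range(40):
        log.append((i, "192.0.2.10", f"10.1.5.{i}", 445))             # sweeps fourth octet
        log.append((i, "192.0.2.10", f"10.1.{i}.20", 135))            # sweeps third octet
        log.append((i + 5, "198.51.100.7", f"10.1.9.{100 + i}", 139))  # second host
    return log

def octet_maps(log):
    """Per (source, port): set of (third, fourth) destination cells and the time span."""
    cells, span = defaultdict(set), {}
    for ts, src, dst, dport in log:
        octets = [int(part) for part in dst.split(".")]
        key = (src, dport)
        cells[key].add((octets[2], octets[3]))
        first, last = span.get(key, (ts, ts))
        span[key] = (min(first, ts), max(last, ts))
    return cells, span

def find_scans(log, min_cells=20):
    """A flow group touching many distinct map cells is treated as a scan (assumed threshold)."""
    cells, span = octet_maps(log)
    return {key: span[key] for key, seen in cells.items() if len(seen) >= min_cells}

def concurrent_scans(scans):
    """Pairs of scans whose time spans overlap."""
    keys = sorted(scans)
    return [(a, b) for i, a in enumerate(keys) for b in keys[i + 1:]
            if scans[a][0] <= scans[b][1] and scans[b][0] <= scans[a][1]]

def render_map(cellset, width=64):
    """Text map: one row per third octet seen, fourth octet bucketed into columns."""
    rows = defaultdict(lambda: [" "] * width)
    for third, fourth in cellset:
        rows[third][fourth * width // 256] = "#"
    return [f"{third:3d} |{''.join(row)}|" for third, row in sorted(rows.items())]

if __name__ == "__main__":
    log = sample_log()
    scans = find_scans(log)
    for (src, dport), (first, last) in sorted(scans.items()):
        print(f"{src} port {dport}: seconds {first}-{last}")
        print("\n".join(render_map(octet_maps(log)[0][(src, dport)])))
    print("overlapping pairs:", len(concurrent_scans(scans)))
```

A sweep of the fourth octet shows up as a horizontal run on one row, a sweep of the third octet as a vertical column, and the low-volume background host never reaches the threshold.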


- Yoshiyuki Seino, Hideki Koike, Visualization and Analysis of Multi-Host Traffic, Malware Workshop in conjunction with IPSJ Computer Security Symposium, 2010. (in Japanese)


- Yoshiyuki Seino, Hideki Koike, Traffic Visualization for Malware Analysis, Malware Workshop in conjunction with IPSJ Computer Security Symposium, 2009. (in Japanese)

