Worm path identification using visualization system

Seiji Shibaguchi; Yuki Nakayama; Ken Ichi Okada

doi:10.1109/CSE.2009.340

Worm path identification using visualization system

Seiji Shibaguchi, Yuki Nakayama, Ken Ichi Okada

Department of Information and Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

2 Citations (Scopus)

Abstract

In this paper, we propose a visualization system for worm investigation, which finds worm origins and worm paths. Although investigation of worms are very important for forensic use and further prevention, it is quite difficult for automatic systems to identify worm origins or paths due to the trade-off between false positives and false negatives. Therefore, we focused on interaction between analysts and connection logs. At first, an automated algorithm is run so that there are no false negatives, and then analysts investigate the result to reduce false positives by visualized system. We aim to solve the trade-off by conducting these two steps. We implemented a prototype and conducted a user experiment to evaluate our system. The results show our system enabled subjects to reduce 90% of false detection by an automated algorithm. Although the results depend on parameters or conditions, we show the effectiveness of our idea.

Original language	English
Title of host publication	Proceedings - 12th IEEE International Conference on Computational Science and Engineering, CSE 2009 - 2009 IEEE International Conference on Privacy, Security, Risk, and Trust, PASSAT 2009
Pages	498-503
Number of pages	6
DOIs	https://doi.org/10.1109/CSE.2009.340
Publication status	Published - 2009 Dec 4
Event	2009 IEEE International Conference on Privacy, Security, Risk, and Trust, PASSAT 2009 - Vancouver, BC, Canada Duration: 2009 Aug 29 → 2009 Aug 31

Publication series

Name	Proceedings - 12th IEEE International Conference on Computational Science and Engineering, CSE 2009
Volume	3

Other

Other	2009 IEEE International Conference on Privacy, Security, Risk, and Trust, PASSAT 2009
Country/Territory	Canada
City	Vancouver, BC
Period	09/8/29 → 09/8/31

ASJC Scopus subject areas

Computational Theory and Mathematics
Computer Science Applications
Software

Access to Document

10.1109/CSE.2009.340

Cite this

Shibaguchi, S., Nakayama, Y., & Okada, K. I. (2009). Worm path identification using visualization system. In Proceedings - 12th IEEE International Conference on Computational Science and Engineering, CSE 2009 - 2009 IEEE International Conference on Privacy, Security, Risk, and Trust, PASSAT 2009 (pp. 498-503). [5283066] (Proceedings - 12th IEEE International Conference on Computational Science and Engineering, CSE 2009; Vol. 3). https://doi.org/10.1109/CSE.2009.340

Worm path identification using visualization system. / Shibaguchi, Seiji; Nakayama, Yuki; Okada, Ken Ichi.

Proceedings - 12th IEEE International Conference on Computational Science and Engineering, CSE 2009 - 2009 IEEE International Conference on Privacy, Security, Risk, and Trust, PASSAT 2009. 2009. p. 498-503 5283066 (Proceedings - 12th IEEE International Conference on Computational Science and Engineering, CSE 2009; Vol. 3).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Shibaguchi, S, Nakayama, Y & Okada, KI 2009, Worm path identification using visualization system. in Proceedings - 12th IEEE International Conference on Computational Science and Engineering, CSE 2009 - 2009 IEEE International Conference on Privacy, Security, Risk, and Trust, PASSAT 2009., 5283066, Proceedings - 12th IEEE International Conference on Computational Science and Engineering, CSE 2009, vol. 3, pp. 498-503, 2009 IEEE International Conference on Privacy, Security, Risk, and Trust, PASSAT 2009, Vancouver, BC, Canada, 09/8/29. https://doi.org/10.1109/CSE.2009.340

Shibaguchi S, Nakayama Y, Okada KI. Worm path identification using visualization system. In Proceedings - 12th IEEE International Conference on Computational Science and Engineering, CSE 2009 - 2009 IEEE International Conference on Privacy, Security, Risk, and Trust, PASSAT 2009. 2009. p. 498-503. 5283066. (Proceedings - 12th IEEE International Conference on Computational Science and Engineering, CSE 2009). doi: 10.1109/CSE.2009.340

Shibaguchi, Seiji ; Nakayama, Yuki ; Okada, Ken Ichi. / Worm path identification using visualization system. Proceedings - 12th IEEE International Conference on Computational Science and Engineering, CSE 2009 - 2009 IEEE International Conference on Privacy, Security, Risk, and Trust, PASSAT 2009. 2009. pp. 498-503 (Proceedings - 12th IEEE International Conference on Computational Science and Engineering, CSE 2009).

@inproceedings{0240026710b142deae7b3c73d6a2d957,

title = "Worm path identification using visualization system",

abstract = "In this paper, we propose a visualization system for worm investigation, which finds worm origins and worm paths. Although investigation of worms are very important for forensic use and further prevention, it is quite difficult for automatic systems to identify worm origins or paths due to the trade-off between false positives and false negatives. Therefore, we focused on interaction between analysts and connection logs. At first, an automated algorithm is run so that there are no false negatives, and then analysts investigate the result to reduce false positives by visualized system. We aim to solve the trade-off by conducting these two steps. We implemented a prototype and conducted a user experiment to evaluate our system. The results show our system enabled subjects to reduce 90% of false detection by an automated algorithm. Although the results depend on parameters or conditions, we show the effectiveness of our idea.",

author = "Seiji Shibaguchi and Yuki Nakayama and Okada, {Ken Ichi}",

year = "2009",

month = dec,

day = "4",

doi = "10.1109/CSE.2009.340",

language = "English",

isbn = "9780769538235",

series = "Proceedings - 12th IEEE International Conference on Computational Science and Engineering, CSE 2009",

pages = "498--503",

booktitle = "Proceedings - 12th IEEE International Conference on Computational Science and Engineering, CSE 2009 - 2009 IEEE International Conference on Privacy, Security, Risk, and Trust, PASSAT 2009",

note = "2009 IEEE International Conference on Privacy, Security, Risk, and Trust, PASSAT 2009 ; Conference date: 29-08-2009 Through 31-08-2009",

}

TY - GEN

T1 - Worm path identification using visualization system

AU - Shibaguchi, Seiji

AU - Nakayama, Yuki

AU - Okada, Ken Ichi

PY - 2009/12/4

Y1 - 2009/12/4

N2 - In this paper, we propose a visualization system for worm investigation, which finds worm origins and worm paths. Although investigation of worms are very important for forensic use and further prevention, it is quite difficult for automatic systems to identify worm origins or paths due to the trade-off between false positives and false negatives. Therefore, we focused on interaction between analysts and connection logs. At first, an automated algorithm is run so that there are no false negatives, and then analysts investigate the result to reduce false positives by visualized system. We aim to solve the trade-off by conducting these two steps. We implemented a prototype and conducted a user experiment to evaluate our system. The results show our system enabled subjects to reduce 90% of false detection by an automated algorithm. Although the results depend on parameters or conditions, we show the effectiveness of our idea.

AB - In this paper, we propose a visualization system for worm investigation, which finds worm origins and worm paths. Although investigation of worms are very important for forensic use and further prevention, it is quite difficult for automatic systems to identify worm origins or paths due to the trade-off between false positives and false negatives. Therefore, we focused on interaction between analysts and connection logs. At first, an automated algorithm is run so that there are no false negatives, and then analysts investigate the result to reduce false positives by visualized system. We aim to solve the trade-off by conducting these two steps. We implemented a prototype and conducted a user experiment to evaluate our system. The results show our system enabled subjects to reduce 90% of false detection by an automated algorithm. Although the results depend on parameters or conditions, we show the effectiveness of our idea.

UR - http://www.scopus.com/inward/record.url?scp=70849118929&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=70849118929&partnerID=8YFLogxK

U2 - 10.1109/CSE.2009.340

DO - 10.1109/CSE.2009.340

M3 - Conference contribution

AN - SCOPUS:70849118929

SN - 9780769538235

T3 - Proceedings - 12th IEEE International Conference on Computational Science and Engineering, CSE 2009

SP - 498

EP - 503

BT - Proceedings - 12th IEEE International Conference on Computational Science and Engineering, CSE 2009 - 2009 IEEE International Conference on Privacy, Security, Risk, and Trust, PASSAT 2009

T2 - 2009 IEEE International Conference on Privacy, Security, Risk, and Trust, PASSAT 2009

Y2 - 29 August 2009 through 31 August 2009

ER -

Worm path identification using visualization system

Abstract

Publication series

Other

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this