Vis sense cluster meeting

www.vis-sense.euNo. 257495

Visual Analytic Representation of Large Datasets for Enhancing Network Security

James DaveyFraunhofer Institute for Computer Graphics Research IGDFraunhoferstraße 564283 Darmstadt

Phone +49 6151 155-655 | Fax -139james.davey@igd.fraunhofer.dewww.igd.fraunhofer.de/igd-a3

VIS-SENSE Organisation

6 partners from 4 countries:

� Fraunhofer IGD (Germany) – Coordinator

� CERTH / ITI (Greece)

� Institut EURECOM (France)

� Institut Telecom (France)

� Symantec Ltd. (Ireland)

� University of Konstanz (Germany)

Topic:

Grant Agreement:

Time Frame:

Budget:

Technology and Tools for Trustworthy ICT (2009.1.4)

STREP – 257495

01.10.2010 until 30.09.2013

3,32 million euro / 2.35 million euro EU contribution

Root-Cause Analysis

Use Case: Root-Cause AnalysisUse Case: Root-Cause Analysis

Overview over the Internet threat landscapeOverview over the Internet threat landscape

Zooming OutZooming Out

Overview – Zooming Out

Features in an interactive map:

�Position,

�Area,

�Street hierarchy,

�Etc.

Our Features:

�I.P. addresses,

�Server names,

�Email addresses,

�Keyword sets,

�Distributions,

�Timestamps,

�Etc.

Features in an interactive map:

�Grouping is easy and unambiguous

Our Features:

�Grouping is difficult

�Grouping is ambiguous

�We need some definition of distance or similarity

Similarity Models

The TRIAGE (1) approach

� Clustering based on Multi-Criteria Decision Analysis (MCDA)

� Automatic grouping of elements likely to share the same root causes

Per feature

Graph-based representation

Multi-criteria

Aggregation

(data fusion)

Multi-Dimensional

Clusters (MDC’s)

Events

Features

Selection

1) Triage (med.): process of prioritizing patients based on the severity of their condition

Definitions

Entities

Features

Similarity – Models for Similarity

Per Feature Similarity Example – Real Numbers

Grouping with respect to different features

Aggregate Similarity Example

An example of Rogue AV campaign

Registration date

750 domains registered over a span of 8 months

/24 network of web server

Domain name

Registrant email

- domain name patterns- use of whois privacy

protection services

Rustock

Unclassified

Cutwail

Subject keywords

Spam event

Bot name

Spam BotnetsInter-relationships

Mega-D

Thanks for Your Attention

James DaveyFraunhofer IGDFraunhoferstraße 564283 Darmstadt

Tel +49 6151 155 – 655 | Fax – 139james.davey@igd.fraunhofer.dewww.igd.fraunhofer.de/igd-a3

Vis sense cluster meeting

Education

AGRICULTURAL EXTENSION VIS-A-VIS EMERGING …

LAMBDA 850/950/1050 UV/Vis and UV/Vis/NIR … UV/Vis and UV/Vis/NIR Spectrophotometers 850/950/1050 WHY ... UV/Vis/NIR spectrophotometer with ... Common Beam Mask

Lifestyle & Cultural Differences: Japan vis-à-vis Canada

HYPERLINKING VIS-À-VIS COPYRIGHT VIOLATION IN CYBERSPACEshodhganga.inflibnet.ac.in/bitstream/10603/113328/7/chapter iv.pdf · HYPERLINKING VIS-À-VIS COPYRIGHT VIOLATION IN CYBERSPACE

Micronutrients Deficiencies vis-a-vis Food and … Deficiencies vis-a-vis... · Micronutrients Deficiencies vis-a-vis Food and Nutritional Security of India ... as produce quality

CID Accomplishment Vis-A Vis DEDP 2016 (1)

DTI Fiber Clustering and Cross-subject Cluster …cs.brown.edu/research/vis/docs/pdf/Zhang-2005-DFC.pdfDTI Fiber Clustering and Cross-subject Cluster Analysis S. Zhang 1, D. H. Laidlaw

GENDER EQUALITY VIS- A`-VIS PERSONAL LAWS - …ijlljs.in/.../07/Gender_Equality_vis_a_vis_personal_laws_to_send-1.pdf · GENDER EQUALITY VIS- A`-VIS PERSONAL LAWS ... of gender equality

EAST BAY VIS VIS VIS JULY MOD MOD MOD SJMOD IE IE IE IE RC RC RC SJ SJ SJ VIS VIS VIS VIS LAN LAN EAST BAY AFFILIATE NORTH DIVISION SOUTH DIVISION MOD - MODESTO NUTS SJ - SAN JOSE

The European Union Vis-A-Vis Brazil And

DEVELOPMENT OF CLUSTER THEORY BIBLIOGRAPHY STUDYdydaktyka.polsl.pl/roz5/konfer/english/wyd/2014/1/R_13.pdf · The term ‘cluster’ in the economic sense was first used by Michael

Grade 11 Cluster I: Number Sense, Concepts, and Applications HSPA Corr.pdf · Grade 11 Cluster I: Number Sense, Concepts, and Applications Macro Knowledge/Skills Interactive Mathematics

THE IDENTIFICATION OF EIGHTEEN PRECURSOR miRNA … · The miR-5070 was identified as sense and anti-sense cluster and 81 protein targets were identified for pre-miRNA clusters. These

vis à vis - the language of imagination

Vincent Bonnefille - Résitance rétinienne 2014 -vis-a-vis

Buddhism Vis a Vis Hinduism

domus del vis a vis

Utility vis-à-vis Validity - nciea.org vis-a... · DePascale & Betebenner, IAEA 2015, Utility vis-à-vis Validity 3 Messick further categorizes these four facets based on the source

Espectroscopia(s) Lei de Beer Absorção UV - Vis. Absorção UV - Vis. Luminiscencia UV - Vis. Luminiscencia UV - Vis. InfraVermelho InfraVermelho N.M.R

15.5 SSPC VIS 1 15.6 SSPC VIS 3 15.7 SSPC VIS 4 - NACE VIS 7 15.8 SSPC VIS 5 - NACE VIS 9 Abrasive Blast Cleaning 1 Introduction 1.1 General Overview 1.2 Basic Corrosion 1.3 Mill Scale