the cups blog

07-20-11

VizSec2011: Malicious Activity on the Internet

Francesco Roveta, Luca Di Mario, Federico Maggi, Giorgio Caviglia, Stefano Zanero and Paolo Ciuccarelli, “BURN: Baring Unknown Rogue Networks”

The goal of this work is to expose malicious hosts.

The FIRE system focuses on the top four internet threats:

  • Malware
  • Botnets
  • Phishing
  • Spam

The authors focus on Autonomous Systems (AS) because targeting individual IPs is challenging.

The authors use data from Anubis, PhishTank and SpamHaus and feed it into FIRE to quantify the amount of malicious activity that an AS is involved in. As an outcome of this project, many “shady” ISPs were reported to law enforcement, and some ISPs were notified and took action.

Exploring the data in FIRE is challenging. To solve this issue, the authors created BURN (Baring Unknown Rogue Networks) to visualize the data.

BURN is targeted towards both researchers and end users.

BURN provides a Global view and an AS view. The Global view uses lots of well-thought-out graphical visualizations to show information worldwide, such as the size and ongoing state of ASs. An analyst interested in a particular AS can look at a detailed view, which also has a number of different graphs showing different features of the information.

BURN is currently in private beta.