Visual Analysis of Program Flow Data with Data Propagation

  • Ying Xia
  • Kevin Fairbanks
  • Henry Owen
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5210)

Abstract

Host-based program monitoring tools are an essential part of maintaining system integrity in the face of growing malicious network activity. As systems become more complex, the volume of data these tools collect often grows beyond what analysts can comprehend in a short amount of time. In this paper, we present a method for visual exploration of a system's program flow over time to aid in the detection and identification of significant events. The method automatically accentuates programs with irregular file access and propagates that accentuation along child-process creation, which results in more efficient forensic analysis and shorter system recovery times.
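As an added illustration of the idea the abstract describes (not code from the paper itself), the following script reconstructs a program-flow graph from host-monitor events, flags processes whose file accesses fall outside a per-program baseline, propagates that flag to every descendant process, and emits a Graphviz DOT graph in which flagged nodes are accentuated. The event log, the `BASELINE` whitelist and the event tuple layout are constructed assumptions standing in for a real monitor's output and a learned behaviour profile.

```python
"""Process-flow graph with flag propagation (added illustration, not the paper's code).

Events and the per-program baseline below are constructed for the example; a real
deployment would take them from a host monitor and a learned behaviour profile.
"""
from collections import defaultdict

# Constructed sample of host-monitor events:
#   (time, kind, pid, parent_pid_or_path, program)
# 'exec' rows carry the parent pid in column 4; 'open' rows carry the file path.
EVENTS = [
    (1, "exec", 100, 1,   "sshd"),
    (2, "exec", 101, 100, "bash"),
    (3, "open", 101, "/etc/profile", "bash"),
    (4, "exec", 102, 101, "vim"),
    (5, "open", 102, "/home/user/notes.txt", "vim"),
    (6, "exec", 103, 101, "bash"),
    (7, "open", 103, "/etc/shadow", "bash"),            # outside bash's baseline
    (8, "exec", 104, 103, "cat"),
    (9, "open", 104, "/home/user/.ssh/id_rsa", "cat"),  # within cat's baseline, but parent is flagged
]

# Assumed per-program baseline: path prefixes considered normal for that program.
BASELINE = {
    "sshd": ["/etc/ssh/"],
    "bash": ["/etc/profile", "/home/"],
    "vim":  ["/home/"],
    "cat":  ["/home/"],
}


def is_irregular(program, path):
    """A path is irregular when it matches no baseline prefix for the program."""
    return not any(path.startswith(prefix) for prefix in BASELINE.get(program, []))


def build_graph(events):
    """Replay events in time order.

    Returns (nodes, children):
      nodes    -- pid -> {"program", "parent", "irregular": [paths]}
      children -- pid -> list of child pids in spawn order
    """
    nodes, children = {}, defaultdict(list)
    for _time, kind, pid, arg, program in sorted(events, key=lambda e: e[0]):
        if kind == "exec":
            nodes[pid] = {"program": program, "parent": arg, "irregular": []}
            children[arg].append(pid)
        elif kind == "open":
            node = nodes.setdefault(pid, {"program": program, "parent": None, "irregular": []})
            if is_irregular(program, arg):
                node["irregular"].append(arg)
    return nodes, children


def propagate_flags(nodes, children):
    """Flag a process 'direct' if it accessed an irregular path, 'inherited' if any
    ancestor did, else None. Propagation walks the spawn tree from each root."""
    flags = {}

    def visit(pid, inherited):
        direct = bool(nodes[pid]["irregular"])
        flags[pid] = "direct" if direct else ("inherited" if inherited else None)
        for child in children.get(pid, []):
            visit(child, inherited or direct)

    roots = [pid for pid, n in nodes.items() if n["parent"] not in nodes]
    for root in roots:
        visit(root, False)
    return flags


def to_dot(nodes, children, flags):
    """Render the spawn tree as Graphviz DOT; flagged processes are filled in colour."""
    styles = {"direct": " style=filled fillcolor=red",
              "inherited": " style=filled fillcolor=orange"}
    lines = ["digraph flow {"]
    for pid, n in nodes.items():
        label = f'{n["program"]} ({pid})'
        if n["irregular"]:
            label += "\\n" + "\\n".join(n["irregular"])
        lines.append(f'  p{pid} [label="{label}"{styles.get(flags[pid], "")}];')
    for parent, kids in children.items():
        if parent in nodes:
            for child in kids:
                lines.append(f"  p{parent} -> p{child};")
    lines.append("}")
    return "\n".join(lines)


if __name__ == "__main__":
    nodes, children = build_graph(EVENTS)
    flags = propagate_flags(nodes, children)
    print(to_dot(nodes, children, flags))
```

Pipe the output into `dot -Tpng` to see the tree; the second `bash` (pid 103) is filled red for reading `/etc/shadow`, and its child `cat` is filled orange even though its own access is within baseline, which is the propagation step that keeps an analyst from overlooking the descendants of a misbehaving process.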

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Ying Xia, Georgia Institute of Technology
  • Kevin Fairbanks, Georgia Institute of Technology
  • Henry Owen, Georgia Institute of Technology
