BURN: Baring Unknown Rogue Networks
DESCRIPTION
Manual analysis of security-related events is still a necessity to investigate non-trivial cyber attacks. This task is particularly hard when the events involve slow, stealthy and large-scale activities typical of the modern cybercriminals' strategy. In this regard, visualization tools can effectively help analysts in their investigations. In this paper, we present BURN, an interactive visualization tool for displaying autonomous systems exhibiting rogue activity that helps find misbehaving networks through visual and interactive exploration. Up to seven values are displayed in a single visual element, while avoiding cumbersome and confusing maps. To this end, animations and alpha channels are leveraged to create simple views that highlight relevant activity patterns. In addition, BURN incorporates a simple algorithm to identify migrations of nefarious services across autonomous systems, which can support, for instance, root-cause analysis and law enforcement investigations.
TRANSCRIPT
![Page 1: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/1.jpg)
Francesco [email protected]
Politecnico di Milano
Luca Di [email protected]
Politecnico di Milano
Federico [email protected]
Politecnico di Milano
Giorgio [email protected]
Politecnico di Milano
Stefano [email protected]
Politecnico di Milano
Paolo [email protected]
Politecnico di Milano
BURN: BARING UNKNOWN ROGUE NETWORKS
Visualization as a tool for analyzing the behavior of malicious networks
![Page 2: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/2.jpg)
![Page 3: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/3.jpg)
![Page 4: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/4.jpg)
Malicious Activity on the Internet
![Page 5: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/5.jpg)
Rogue or Fake Software, AD/Click Fraud, Targeted Attacks, Phishing
![Page 6: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/6.jpg)
Exposing Malicious Hosts
![Page 7: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/7.jpg)
![Page 8: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/8.jpg)
FIRE: FInding RoguE Networks
www.maliciousnetworks.org
Funded by WOMBAT FP7 EU Project
![Page 9: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/9.jpg)
Four top Internet threats
![Page 10: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/10.jpg)
![Page 11: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/11.jpg)
Malware
![Page 12: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/12.jpg)
Botnets
![Page 13: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/13.jpg)
Phishing
![Page 14: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/14.jpg)
Spam
![Page 15: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/15.jpg)
![Page 16: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/16.jpg)
Autonomous System (AS)
![Page 17: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/17.jpg)
![Page 18: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/18.jpg)
FIRE: Per-AS Malicious Activity
![Page 19: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/19.jpg)
Activity
Data source
![Page 20: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/20.jpg)
| Activity | Data source |
| --- | --- |
| Malware | Anubis |
| Botnet | Anubis |
| Phishing | PhishTank |
| Spam | SpamHaus |
![Page 21: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/21.jpg)
Outcome: Overall Malicious Score
Many “shady” ISPs exposed; many unaware ISPs helped
![Page 22: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/22.jpg)
![Page 23: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/23.jpg)
![Page 24: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/24.jpg)
Downside?
![Page 25: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/25.jpg)
![Page 26: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/26.jpg)
![Page 27: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/27.jpg)
Visualization and Knowledge Discovery on top of FIRE
![Page 28: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/28.jpg)
Aim
![Page 29: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/29.jpg)
Academics, Practitioners
![Page 30: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/30.jpg)
Internet Users
![Page 31: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/31.jpg)
![Page 32: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/32.jpg)
System Overview
![Page 33: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/33.jpg)
![Page 34: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/34.jpg)
Global view
![Page 35: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/35.jpg)
AS view
![Page 36: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/36.jpg)
Timeline
![Page 37: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/37.jpg)
Activity filter
AS Tracking List
Country filter
![Page 38: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/38.jpg)
Bubble chart
Geographical map
Trend chart
![Page 39: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/39.jpg)
![Page 40: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/40.jpg)
![Page 41: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/41.jpg)
![Page 42: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/42.jpg)
![Page 43: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/43.jpg)
![Page 44: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/44.jpg)
![Page 45: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/45.jpg)
![Page 46: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/46.jpg)
Bubble Chart
![Page 47: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/47.jpg)
![Page 48: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/48.jpg)
![Page 49: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/49.jpg)
![Page 50: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/50.jpg)
![Page 51: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/51.jpg)
Geographical Map
![Page 52: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/52.jpg)
![Page 53: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/53.jpg)
![Page 54: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/54.jpg)
![Page 55: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/55.jpg)
![Page 56: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/56.jpg)
![Page 57: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/57.jpg)
Trend Chart
![Page 58: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/58.jpg)
![Page 59: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/59.jpg)
![Page 60: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/60.jpg)
AS view
![Page 61: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/61.jpg)
Details
History
Migration
Longevity
![Page 62: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/62.jpg)
![Page 63: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/63.jpg)
History Chart
![Page 64: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/64.jpg)
![Page 65: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/65.jpg)
![Page 66: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/66.jpg)
![Page 67: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/67.jpg)
Service Longevity Chart
![Page 68: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/68.jpg)
![Page 69: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/69.jpg)
![Page 70: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/70.jpg)
![Page 71: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/71.jpg)
![Page 72: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/72.jpg)
Service Migration Screen
![Page 73: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/73.jpg)
![Page 74: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/74.jpg)
![Page 75: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/75.jpg)
![Page 76: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/76.jpg)
![Page 77: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/77.jpg)
![Page 78: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/78.jpg)
Rogue behavior analysis
![Page 79: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/79.jpg)
Service Migration
![Page 80: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/80.jpg)
![Page 81: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/81.jpg)
Shutdowns
![Page 82: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/82.jpg)
Possible Migrations
![Page 83: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/83.jpg)
Service Migration - Details
![Page 84: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/84.jpg)
![Page 85: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/85.jpg)
Compatibility Score
![Page 86: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/86.jpg)
Source AS, Destination AS
![Page 87: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/87.jpg)
C&C
Malware
Phishing
Spam
![Page 88: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/88.jpg)
High compatibility
![Page 89: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/89.jpg)
Low compatibility
![Page 90: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/90.jpg)
$$C^{(j)} : S_i \times AS \mapsto [0, 1], \qquad j \in J = \{\text{phishing}, \text{malware}, \text{spam}, \text{bot}\}$$

$$C^{(j)}(s, d) := \frac{\min_{a \in \{s,d\}} \sigma^{(j)}(a)}{\max_{a \in \{s,d\}} \sigma^{(j)}(a)}$$

$$C_{s,d} := \frac{\sum_{j \in J} C^{(j)}(s, d) \cdot \sigma^{(j)}(s)}{\sum_{j \in J} \sigma^{(j)}(s)}$$

$$j \in \{\text{C\&C}, \text{Malware}, \text{Spam}, \text{Phishing}\}$$

Slide labels: $M_i$, $S_i$, $j$, $J$, $\sigma^{(j)}(\cdot)$
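An added example, not code from the BURN authors: the compatibility score on this slide computed over constructed per-AS profiles. Per activity, the score is the smaller of the two ASes' values divided by the larger; the overall score averages those ratios, weighted by the source AS's own values. It assumes the per-activity function in the formula (called `sigma` here) is a non-negative count of hosts an AS was seen hosting for that activity; the AS numbers (documentation range) and counts are made up.

```python
"""Added example: compatibility score between a shut-down source AS and
candidate destination ASes.

Assumption: each profile maps an activity j to sigma^(j)(a), taken here to be
a non-negative host count. All AS numbers and counts below are constructed.
"""

ACTIVITIES = ("phishing", "malware", "spam", "bot")


def activity_compatibility(sigma_s, sigma_d):
    """C^(j)(s, d): smaller activity value over the larger one, in [0, 1]."""
    if sigma_s < 0 or sigma_d < 0:
        raise ValueError("activity values must be non-negative")
    larger = max(sigma_s, sigma_d)
    # Neither AS shows this activity: no evidence either way, score 0.
    return 0.0 if larger == 0 else min(sigma_s, sigma_d) / larger


def compatibility(source, dest):
    """C_{s,d}: per-activity ratios averaged with the source's values as weights."""
    total = sum(source.get(j, 0) for j in ACTIVITIES)
    if total == 0:
        # A source with no recorded activity has nothing that could migrate.
        return 0.0
    weighted = sum(
        activity_compatibility(source.get(j, 0), dest.get(j, 0)) * source.get(j, 0)
        for j in ACTIVITIES
    )
    return weighted / total


def rank_destinations(source, candidates):
    """Return (asn, score) pairs, most compatible destination first."""
    scored = [(asn, compatibility(source, prof)) for asn, prof in candidates.items()]
    return sorted(scored, key=lambda pair: pair[1], reverse=True)


# Constructed profile of an AS just before its rogue activity disappeared.
SOURCE = {"phishing": 10, "malware": 40, "spam": 0, "bot": 50}

# Constructed profiles of ASes whose activity was observed afterwards.
CANDIDATES = {
    # Similar volumes in every activity the source had, plus unrelated spam.
    "AS64501": {"phishing": 8, "malware": 50, "spam": 300, "bot": 40},
    # Same activity types but at very different volumes.
    "AS64502": {"phishing": 100, "malware": 4, "spam": 0, "bot": 5},
    # Only an activity the source never showed.
    "AS64503": {"phishing": 0, "malware": 0, "spam": 500, "bot": 0},
}

if __name__ == "__main__":
    for asn, score in rank_destinations(SOURCE, CANDIDATES):
        print(f"{asn}: compatibility {score:.2f}")
    # The score is directional: swapping source and destination changes it.
    reverse = compatibility(CANDIDATES["AS64501"], SOURCE)
    print(f"AS64501 as source: compatibility {reverse:.2f}")
```

Because the weights come only from the source AS, spam that exists solely at the destination does not lower the score, and swapping the two ASes gives a different value.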
![Page 91: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/91.jpg)
![Page 92: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/92.jpg)
Tolerance to long-living rogue hosts
![Page 93: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/93.jpg)
![Page 94: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/94.jpg)
![Page 95: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/95.jpg)
![Page 96: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/96.jpg)
![Page 97: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/97.jpg)
![Page 98: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/98.jpg)
![Page 99: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/99.jpg)
Timeline and Time Range selection
![Page 100: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/100.jpg)
![Page 101: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/101.jpg)
![Page 102: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/102.jpg)
Activity Filter
![Page 103: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/103.jpg)
![Page 104: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/104.jpg)
![Page 105: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/105.jpg)
Country Filter
![Page 106: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/106.jpg)
![Page 107: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/107.jpg)
![Page 108: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/108.jpg)
Autonomous System Tracking List
![Page 109: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/109.jpg)
![Page 110: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/110.jpg)
Conclusions
Limitations
Future Work
![Page 111: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/111.jpg)
![Page 112: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/112.jpg)
![Page 113: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/113.jpg)
BURN improves FIRE
Knowledge discovery through data exploration
Academics / Practitioners / Internet users
Conclusions
Migrations are difficult to validate
Stress feature to avoid cluttered bubble map
Limitations
BURN is in private beta — DEMO available
Future Work
Bot meta-data from Anubis for migration analysis
Usability study with three target users
![Page 114: BURN: Baring Unknown Rogue Networks](https://reader034.vdocuments.site/reader034/viewer/2022051515/54c6952e4a7959be158b45a3/html5/thumbnails/114.jpg)