Page 16 - EURECOM - RA2011GB

Visual Analytics for Security

VIS-SENSE is an EU-funded research project (FP7) focused on the development of visual analytics technologies for the enhancement of network security. The project was started in 2010 and will run until October 2013. EURECOM and SYMANTEC are closely collaborating in this project, together with four other experienced partners: Telecom SudParis (France), CERTH-ITI (Greece), Fraunhofer IGD and University of Konstanz (Ger-

The VIS-SENSE project aims at combining novel visualization and data-mining technologies to identify complex patterns of abnormal behavior. Visual Analytics is an emerging field that provides technology to combine the respective strengths of human and electronic data processing, drawing tools from both the information-visualization and data-mining communities. The purpose of using Visual Analytics for security is behavioral pattern detection, i.e., searching for and correlating fingerprints that criminals leave behind in large amounts of security data.

The specific application areas of VIS-SENSE range from network information security and attack attribution to attack prediction and the detection of BGP hijacking. The main target groups are security software companies, telecommunication operators and ISPs, who will benefit from the project results by incorporating the next generation of security intelligence tools into their management consoles.

One of the application scenarios in VIS-SENSE focuses on the visualization of various threat landscapes, such as the spam botnet ecosystem or the dynamics of web-borne threats targeting clients on the Internet. For example, the following figure illustrates one of the project results, in which spam campaigns sent by two different botnets on three consecutive days are tightly interconnected by several email features, such as the subject lines, the character set, the host names of the bots and the URIs embedded in the emails. This kind of intelligence gives us new insights into the modus operandi of attackers, in this case, a better understanding of spammers' behavior and their coordinated efforts regarding spam botnet operations and spam campaigns dis-

Aspects come to the rescue for the security of services!

The use and implementation of security mechanisms today still require significant expertise that application developers often do not possess. Vulnerabilities are, for instance, introduced into software purely through a lack of understanding of security principles. Moreover, strictly enforcing a corporate security policy is not always easy in complex programs and requires understanding the implications of all data manipulation or exchange operations.

In the ANR project CESSA, we investigate the use of aspect-oriented programming (AOP) techniques to systematize the application of security mechanisms and policies into software. Our work focuses more specifically on Service-Oriented Architectures (SOAs), which constitute the latest evolution of large-scale component-based distributed programming, which is widely used in cloud computing developments. In this context, aspects are used in particular to modify the handling of the messages that define the services provided. This aspect-based approach should also enable us to make program security more modular and enable an expert to intervene independently from the application programmer.

We are developing an aspect-oriented language which makes it possible to describe the security of complex systems composed of several interconnected services with extensible protocols, such as those of the WS-* Web Services stack or RESTful web services. This language also defines the code instrumentation necessary to introduce these security mechanisms into all parts of the communication protocol stacks.

The CESSA project is a partnership between EURECOM, the private sector with SAP and IS2T, and École des Mines de Nantes.

Focus on…
Figure: Visualization of spam campaigns sent by two different botnets (Lethic-Maazben) on three consecutive days. Multiple email features interconnect them, showing a coordinated effort by spammers to load-balance those spam campaigns.

Graduate school and research center in communication systems