Visualization and Analysis of Multi-Host Traffic

To find malware infections, we developed an analysis tool that visualizes hosts and network traffic. The tool displays an animation of traffic patterns, color-coded according to host and network. The system is composed of two modules. One plots the third and fourth octets on two-dimensional maps. The other displays changes in the octets across four frames. We then analyzed a honeynet log and could easily find three malware scans that came from two hosts at the same time.
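The octet-map idea can be sketched in a few lines. This is an added example, not the authors' tool: it assumes the map is built per source host from destination addresses, with the third octet as the row and the fourth as the column. The function names, the `min_cells` threshold, the shape labels and the sample records are all constructed for illustration.

```python
from collections import defaultdict
from ipaddress import IPv4Address

def build_maps(records):
    """Return {source: {(third, fourth): packet count}} over destination addresses."""
    maps = defaultdict(lambda: defaultdict(int))
    for _ts, src, dst in records:
        packed = IPv4Address(dst).packed
        maps[src][(packed[2], packed[3])] += 1
    return maps

def describe(cells, min_cells=16):
    """Label the shape a host draws on its map (threshold is an assumption)."""
    if len(cells) < min_cells:
        return "sparse"
    thirds = {t for t, _ in cells}
    fourths = {f for _, f in cells}
    if len(thirds) == 1:
        return "row sweep"      # many hosts inside a single /24
    if len(fourths) == 1:
        return "column sweep"   # the same host number across many /24s
    return "scattered"

def render(cells, size=8):
    """Downsample the 256x256 map to a size x size ASCII grid."""
    step = 256 // size
    grid = [["."] * size for _ in range(size)]
    for third, fourth in cells:
        grid[third // step][fourth // step] = "#"
    return "\n".join("".join(row) for row in grid)

def sample_records():
    """Constructed (timestamp, source, destination) tuples, not honeynet data."""
    recs = []
    for i in range(64):
        recs.append((i, "192.0.2.10", f"10.0.3.{i}"))   # sweep inside one /24
        recs.append((i, "192.0.2.20", f"10.0.{i}.5"))   # one host number, 64 /24s
    recs.append((5, "192.0.2.30", "10.0.1.1"))          # ordinary client traffic
    recs.append((9, "192.0.2.30", "10.0.1.1"))
    return recs

if __name__ == "__main__":
    for src, cells in sorted(build_maps(sample_records()).items()):
        print(src, describe(cells))
        print(render(cells))
```

Two hosts scanning during the same time window produce visibly different shapes on their maps, while the ordinary client stays a single cell.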

- Yoshiyuki Seino, Hideki Koike, Visualization and Analysis of Multi-Host Traffic, Malware Workshop in conjunction with IPSJ Computer Security Symposium, 2010. (in Japanese)

- Yoshiyuki Seino, Hideki Koike, Traffic Visualization for Malware Analysis, Malware Workshop in conjunction with IPSJ Computer Security Symposium, 2009. (in Japanese)