What is BURN

Manual analysis of security-related events is still a necessity to investigate non-trivial cyber attacks. This task is particularly hard when the events involve slow, stealthy and large-scale activities typical of the modern cybercriminals’ strategy. In this regard, visualization tools can effectively help analysts in their investigations. In this paper, we present BURN, an interactive visualization tool for displaying autonomous systems exhibiting rogue activity that helps at finding misbehaving networks through visual and interactive exploration. Up to seven values are displayed in a single visual element, while avoiding cumbersome and confusing maps. To this end, animations and alpha channels are leveraged to create simple views that highlight relevant activity patterns. In addition, BURN incorporates a simple algorithm to identify migrations of nefarious services across autonomous systems, which can support, for instance, rootcause analysis and law enforcement investigations.

DEMO

An implementation of BURN in Adobe Flash 10 is currently in private testing phase at http://burn.vplab.elet.polimi.it. If you want to give it a try and send us some feedback, please request access.

Publications

• Francesco Roveta, Luca Di Mario, Federico Maggi, Giorgio Caviglia, Stefano Zanero, Paolo Ciuccarelli BURN: Baring Unknown Rogue Networks PDF In the proceedings of the 8th International Symposium on Visualization for Cyber Security (VizSec 2011). Pittsburgh, PA, US. Best paper award