Countering network level denial of information attacks using information visualization

Conti, Gregory John

27 March 2006

We are besieged with information every day, our inboxes overflow with spam and our search queries return a great deal of irrelevant information. In most cases there is no malicious intent, just simply too much information. However, if we consider active malicious entities, the picture darkens. Denial of information (DoI) attacks assail the human through their computer system and manifest themselves as attacks that target the human's perceptual, cognitive and motor capabilities. By exploiting these capabilities, attackers reduce our ability to acquire and act upon desired information. Even if a traditional denial of service attack against a machine is not possible, the human utilizing the machine may still succumb to DoI attack. When successful, DoI attacks actively alter our decision making, often without our knowledge. In this dissertation, we address the problem of countering DoI attacks. We begin by presenting a taxonomy and framework of DoI attacks and countermeasures to add structure to the problem space. We then closely examine the use of information visualization as a countermeasure. Information visualization is a powerful technique that taps into the high bandwidth visual recognition capability of the human and is well suited to resist DoI attack. Unfortunately, most information visualization systems are designed without a clear emphasis on protecting the human from malicious activity. To address this issue we present a general framework for information visualization system security analysis. We then delve deeply into countering DoI in the network security domain using carefully crafted information visualization techniques to build a DoI attack resistant security visualization system. By creating such a system, we raise the bar on adversaries who now must cope with visualization enhanced humans in addition to traditional automated intrusion detection systems and text-based analysis tools. We conclude with a human-centric evaluation to demonstrate our systems effectiveness.

Computer security

Attacking information visualization

Rumint

Information visualization

Denial of information

Evaluating information visualization

Network visualization

Automatic identification and removal of low quality online information

Webb, Steve

17 November 2008

The advent of the Internet has generated a proliferation of online information-rich environments, which provide information consumers with an unprecedented amount of freely available information. However, the openness of these environments has also made them vulnerable to a new class of attacks called Denial of Information (DoI) attacks. Attackers launch these attacks by deliberately inserting low quality information into information-rich environments to promote that information or to deny access to high quality information. These attacks directly threaten the usefulness and dependability of online information-rich environments, and as a result, an important research question is how to automatically identify and remove this low quality information from these environments. The first contribution of this thesis research is a set of techniques for automatically recognizing and countering various forms of DoI attacks in email systems. We develop a new DoI attack based on camouflaged messages, and we show that spam producers and information consumers are entrenched in a spam arms race. To break free of this arms race, we propose two solutions. One solution involves refining the statistical learning process by associating disproportionate weights to spam and legitimate features, and the other solution leverages the existence of non-textual email features (e.g., URLs) to make the classification process more resilient against attacks. The second contribution of this thesis is a framework for collecting, analyzing, and classifying examples of DoI attacks in the World Wide Web. We propose a fully automatic Web spam collection technique and use it to create the Webb Spam Corpus -- a first-of-its-kind, large-scale, and publicly available Web spam data set. Then, we perform the first large-scale characterization of Web spam using content and HTTP session analysis. Next, we present a lightweight, predictive approach to Web spam classification that relies exclusively on HTTP session information. The final contribution of this thesis research is a collection of techniques that detect and help prevent DoI attacks within social environments. First, we provide detailed descriptions for each of these attacks. Then, we propose a novel technique for capturing examples of social spam, and we use our collected data to perform the first characterization of social spammers and their behaviors.

Denial of information

Email spam

Web spam

Social spam

Applied machine learning

Information security

Spam filtering (Electronic mail)

World Wide Web

Online social networks

Computer networks Security measures