Discussions

This is where you can start discussions around security visualization topics.

NOTE: If you want to submit an image, post it in the graph exchange library!

You might also want to consider posting your question or comment on the SecViz mailing list!

Discussion Entries


Visualizing Packet Captures For Fun and Profit

I wrote a small blog post about AfterGlow and how to visualize packet captures. It gives a few examples on how packet captures can be visualized as link graphs.

I then followed up with a post on Advanced Network Graph Visualization with AfterGlow. In this post I show how you can use some extended capabilities of AfterGlow to read configuration parameters from variables and files in order to influence your network graph's colors, clustering, etc.

Curious to hear your feedback!

CFP: IEEE Network, Special Issue on Computer Network Visualization

Call for Papers

IEEE Network Magazine
http://dl.comsoc.org/livepubs/ni/

Special Issue on Computer Network Visualization, Nov./Dec. 2012 issue

Background

Computer networks are dynamic, growing, and continually evolving. As complexity grows, it becomes harder to effectively communicate to human decision-makers the results of methods and metrics for monitoring networks, classifying traffic, and identifying malicious or abnormal events. Network administrators and security analysts require tools that help them understand, reason about, and make decisions about the information their analytic systems produce. To this end, information visualization and visual analytics hold great promise for making the information accessible, usable, and actionable by taking advantage of the human perceptual abilities. Information visualization techniques help network administrators and security analysts to quickly recognize patterns and anomalies; visually integrate heterogeneous data sources; and provide context for critical events.

Scope

This special issue seeks original articles examining the state of the art, open issues, research results, evaluations of visualization and visual analytic tools, and future research directions in computer network visualization and visual analytics. All submissions should be written to be understandable and appealing to a general audience. Research papers should contain a substantial amount of tutorial content and minimal mathematics. Topics of interest include, but are not limited to:

* Uses of visualization for network status monitoring and situational awareness
* Visualization methods employed in the classification of network traffic and its analysis
* Visualization methods enhancing network intrusion detection and anomaly detection
* Visualization methods for the analysis of network threats (e.g. botnets)
* Visualization methods for the analysis of network routing
* Methods for integrating analytics and visualization together for network analysis tasks
* Methods for visually integrating heterogeneous data sources to support network analysis tasks
* Case studies of open source visualization tools in network analysis tasks
* Evaluations of network visualization tools in situ

Manuscript Submission

Articles should be written in a style comprehensible and appealing to readers outside the speciality of the article. Authors must follow the IEEE Network Magazine guidelines regarding the manuscript and its format. For details, please refer to the "Guidelines for manuscripts" at the IEEE Network Magazine web site at http://dl.comsoc.org/livepubs/ni/info/authors.html. Submitted papers must be original work and must not be under consideration for publication in other venues. Authors should submit their manuscripts in PDF through ScholarOne for IEEE Network Magazine. Choose this special issue from the drop down menu on the submission page. Authors uncertain about the relevance of their paper to this special issue should inquire with the guest editors before submission.

Schedule
Submissions: April 1, 2012
Author notifications: July 1, 2012
Final papers: September 1, 2012
Publication: November 2012

Guest Editors

John Goodall
Oak Ridge National Lab
jgoodall@ornl.gov

John Gerth
Stanford University
gerth@graphics.stanford.edu

Florian Mansmann
University of Konstanz
Florian.Mansmann@uni-konstanz.de

Old Security Visualization Presentations

I just uploaded a number of my old presentations, mainly on security visualization, to slideshare. The link below leads you right to them:

Security Visualization Presentations

There are presentations from a number of conferences:

  • FIT 2008
  • SUMIT 2008
  • VizSec 2008
  • HITB 2008
  • First 2007
  • DefCon 2005

And then there are still the newer presentations that have been there for a while now.

Data Visualization Resources

I teach a data analytics and visualization class every now and then. In the last section of the class I share a number of resources with the students. The Web sites are mainly blogs and generic visualization resources, not tools.

The following is the list of resources. Have your own favorite visualization resource? Add a comment!

A much longer list of non-curated links can also be found on my delicious feed.

AfterGlow Learns to Visualize Splunk Data - Again

AfterGlow now enables Splunk 4.2.x to generate link graphs!

One of the very first Splunk Applications was the AfterGlow for Splunk Addon. Initially it was just a simple search command, but with version 4 of Splunk the application matured into a full-blown Splunk App. Unfortunately, with the introduction of Splunk 4.1 and 4.2, the application broke. As of earlier this month, however, AfterGlow for Splunk has been fixed and now works with Splunk 4.2.x.

Post your visualizations here in the secviz gallery!

Visual Analytics Maturity Scale


I wrote a new blog entry talking about the maturity scale of visual analytics. The visualization maturity scale can be used to explain a number of issues in the visual analytics space. For example, why aren’t companies leveraging visualization to analyze their data? What are the requirements to implement visual analytics services? Or why don’t we have more visual analytics products?

Unfortunately, we do not have mature visual analytics products yet that really encompass all of the steps in the maturity scale to deliver a great experience to the end user.

Also check out the Maturity Scale for Log Management and Analysis to have a closer look at how log analysis and management play into the visual analytics process.

DEADLINE EXTENDED for "Attack Visualization" Honeynet Project Forensic Challenge #10

The "Attack Visualization" challenge from the Honeynet Project has been extended until January 22nd 2012!

Happy Visualization!

Content Moderation

You might have noticed that there was quite a bit of SPAM posted to secviz.org lately. No, we haven't been hacked. But we got spammed. The SPAM module I had installed is not the best, so unfortunately, a bunch of spam made it through.

No more! I changed the model of how content can be added to secviz.org. All content is now moderated! I am usually pretty quick with approving content, so it shouldn't be a big impact!

Looking forward to seeing a lot of your new content in my moderation queue!

-Your Admin

"Attack Visualization" Honeynet Project Forensic Challenge #10. Entries close December 18

Forensic Challenge 10 - "Attack Visualization"

Challenge 10 - Attack Visualization (provided by Ben Reardon from Australia Chapter)

Please submit your solution by December 18th 2011 at http://www.honeynet.org/challenge2010.

Results will be announced on January 31st, 2012. For any questions and inquiries, please contact forensicchallenge2010@honeynet.org.

Skill Level: Intermediate

Forensic Challenge 10 takes us back in time, to revisit one of last year’s popular Forensic Challenges (FC5). This time around, however, the goal is to create a visual representation of the attack.

There are no right or wrong answers here, and we are keen to see what you can create! If you are constrained by any guidelines, or have ideas that are “out of the box” – that’s fine, we want you to use your imagination and have fun.

The Challenge:
Design and build a visualization that describes the attacks that were analyzed in FC5. Use the three prize winners’ solutions as references and to give you a head start on the data analysis. Use the FC5 dataset to create your FC10 visualization.

As an example, the visualization may have a geographic element, represented as a map, link graphs, histogram, or parallel coordinates, that sheds light on the following:

* Where the attacks came from
* The volumes of attacks originating from various locations
* The success or failure of these attacks
* The nature of the attacks. For example, which are the “primary” and which are the “secondary” phases.
* Can the attacks be color coded to describe groups of attacks/attackers?
* Use external data sources such as the many freely available geomapping databases.

The output can be anything that you like: a still image, interactive Flash/Java, a dynamically updating dashboard, a magazine-style infographic; holograms are also accepted.

Judging:
Because data visualization is a very subjective topic, we will have a panel of 3 Honeynet members to judge entries. These panel members have an active interest in the data visualization field in the Honeynet Project. Keep in mind, though, that the nature of this challenge is not really to find a “winner”, but rather to inspire newcomers into the data visualization field within cybersecurity. If you know anyone who is not in the security field but may enjoy being part of this challenge, please forward this to them – we’d love to get some submissions from people outside the security field.

Points:
The minimum question set that the visualization should address is:

* Where do attacks come from? (10 points)
* What is the most prolific attack? (5 points)
* Which attacks were successful and which failed? (5 points)
* What assumptions were made and what was the reasoning? Don't be afraid to make assumptions! (5 points)
* What are the limitations of the visualization? (5 points)
* How could you improve the visualization if given more time and resources, e.g. on a future GSOC project? (2 points)
* Provide a description of the toolsets and scripts used (10 points)

Bonus points:

* Aesthetic appeal and ability to hold the subject's attention (5 points)
* Interactivity, e.g. the ability to drill down, explore, or zoom in on events. (10 points)
* Animation, particularly based on a timeline. (10 points)
* Creating a visualization which uncovers any trends, observations or artifacts which were not described in the FC5 prize-winning solutions. (20 points)
* Creating a visualization that tells a story about the data set, threat environment, and the attack. (20 points)

Sources of info:
Hint: take some time and look around for inspiration in data visualization of fields outside of cyber security. Consider how you might apply some of the same concepts and ideas to this dataset.

http://flowingdata.com
http://infosthetics.com
http://datavisualization.ch
http://www.secviz.org
http://www.maxmind.com
http://www.vizsec.org
http://afterglow.sf.net

And of course our recent Google Summer of Code projects:

Honeyviz
Webviz