This treemap was generated with the Treemap 4.1 tool from University of Maryland. This is a tutorial that I wrote on how to get to the output, step by step.

As I just commited an option for the Picviz pngcairo plugin to draw curves instead of straight lines.

To me it just looks pretty without anything technically interesting behind it. I guess some people could argue this helps uncovering clusters, maybe... What do you guys think of such ways of playing with parallel coordinates?

The 6th International Workshop on Visualization for Cyber Security (VizSec) will be held October 11, 2009 in Atlantic City, NJ, USA in conjunction with VisWeek 2009.

The deadline for full papers (12 pages) is May 8, 2009. The deadline for short papers (6 pages) is May 22, 2009.

Please see the web site for formatting instructions, templates and information on how to submit your paper.

http://vizsec.org/vizsec2009/

Best,
-john

Take a look at my site www.manntechcomputersinc.com We have developed a visualization tool for pix/asa and snort. It maps ip to geographical locations countries (source or destination), anonymous proxies , sat providers, regions etc. We repsent countries by flags and provide users to add their own icons. I'd be interested to hear what people think....

see http://5thsentinel.wordpress.com/2009/04/01/inappropriate-content-visualization/ for background.

This is similar to the Visio diagram that showed all the inappropriate email attachments that a specific user sent. However a time line was included to better articulate number and time of incidents.

see http://5thsentinel.wordpress.com/2009/04/01/inappropriate-content-visualization/ for background.

This image was created using Visio and shows the flow of an inappropriate email attachment as it flowed from one internal user to another.

The chart represent several hours of conficker's P2P Udp activity, it relates destination address with dest UDP used.

This is my smart analysis about the first 20days of April 2009 ccTLD (country code top level domain) generated by the algorithm used by worm for pseudo random domain name generation.
The following chart show the frequency for each ccTLD. As you can see there is a sort of attractor for some ccTLD such as AG, BO, LC, HN, PE, and TW. A singular point is for DJ ccTLD domain. For more information http://extraexploit.blogspot.com. This kind of analysis I think that is usefull for get evidence as indicator of conficker.c activities inside your corporate network.

Feedback are well come.

Regards

This was made using gheat to generate a nice map of locations sending spam into our spam traps.
This is just the Europe map, for full story go here http://honeynet.org.au/?q=node/41

This was made using gheat to generate a nice map of locations that are attacking our SensorNET.
SensorNET is a set of distributed nepenthes sensors that we set up at the Australian Honeynet Project.

Scans from attacking IP's and network borne malware is captured and analyzed.
These attacks are portrayed on this heatmap.

For full story go here http://honeynet.org.au/?q=node/41