VizSec 2010 - International Symposium on Visualization for Cyber Security

International Symposium on Visualization for Cyber Security (VizSec)
14 Sept 2010
Ottawa Canada
Co-located with the International Symposium on Recent Advances in Intrusion Detection
http://www.vizsec2010.org/

The International Symposium on Visualization for Cyber Security (VizSec) brings together researchers and practitioners in information visualization to provide opportunities for the two communities to collaborate and share insights about meeting security needs through visualization approaches.
VizSec 2010 will be held on September 14th in Ottawa, Canada and is co-located with the 11th International Symposium on Recent Advances in Intrusion Detection (RAID). This year our focus is on understanding what makes effective visual interfaces for different cyber security tasks.

Papers offering novel contributions in security visualization are solicited. Papers may present techniques, applications, practical experience, theory, or experiments and evaluations. Papers are encouraged on technologies and methods that have been demonstrated to be useful for improving information systems security and that address lessons from actual application.

Information regarding submission dates will be available on the website.

AfterGlow

Hi, I'm an apprentice to Sec Viz technology.
I used AfterGlow to do some visualizing. I need to know how to do aggregation in that. Though I used the coding in Raffy's book, I couldn't make it. I am using the DAVIX and its sample.properties file. The code that I have used was

color="yellow" if (field() =~ /^111\.222\..*/);
color.event="green" if ($fields[1]<1024)
color.sourcetarget="blue"
cluster.target=regex_replace("(\\d\+)\\.\\d+")."/8" if ($fields[1] eq "80")

Is this OK? I don't get a different output. Please let me know where I have gone wrong...

Cheers!!!
SmP.
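To show what an aggregation rule like the cluster.target line above is meant to achieve, here is an added example in plain Python; it is not AfterGlow's code and not from the post or from Raffy's book. It assumes AfterGlow's three-column source,event,target CSV input and assumes (my reading of the properties format) that regex_replace keeps the first capture group of its regex, so that a target address is collapsed to its first octet plus "/8" whenever the event column is port 80. Colour rules follow the same shape as the posted ones. The sample CSV is constructed, and the output is Graphviz DOT, which is what AfterGlow itself emits.

```python
"""Added example: an AfterGlow-style colour and cluster pass in plain Python,
emitting Graphviz DOT. Not AfterGlow's own code; semantics are assumed."""
import re

# Constructed sample records in AfterGlow's three-column form: source,event,target
SAMPLE_CSV = """\
111.222.3.4,80,10.1.2.3
111.222.3.4,443,10.9.8.7
192.168.1.5,80,10.45.6.7
192.168.1.5,22,172.16.0.1
192.168.1.5,8080,172.16.0.2
"""


def parse_records(text):
    """Split CSV text into [source, event, target] rows, skipping blank lines."""
    return [line.split(",") for line in text.strip().splitlines() if line.strip()]


def color_source(value):
    # Counterpart of: color.source="yellow" if (field() =~ /^111\.222\..*/);
    return "yellow" if re.match(r"^111\.222\..*", value) else "lightgray"


def color_event(value):
    # Counterpart of: color.event="green" if ($fields[1] < 1024)
    return "green" if int(value) < 1024 else "lightgray"


def cluster_target(target, event):
    # Counterpart of: cluster.target=regex_replace("(\\d+)\\.\\d+")."/8" if ($fields[1] eq "80")
    # Assumption: regex_replace keeps the first capture group (here the first octet).
    if event == "80":
        m = re.match(r"(\d+)\.\d+", target)
        if m:
            return m.group(1) + "/8"
    return target


def build_graph(records):
    """Apply the cluster rule first (it changes node identity), then colour nodes.
    Nodes are keyed by label, as AfterGlow merges nodes with identical labels,
    so the first role a label is seen in decides its colour here."""
    nodes = {}      # label -> fill colour
    edges = set()   # (from_label, to_label)
    for src, evt, dst in records:
        dst = cluster_target(dst, evt)
        nodes.setdefault(src, color_source(src))
        nodes.setdefault(evt, color_event(evt))
        nodes.setdefault(dst, "blue")   # counterpart of a color.target="blue" rule
        edges.add((src, evt))
        edges.add((evt, dst))
    return nodes, edges


def to_dot(nodes, edges):
    """Render the aggregated graph as Graphviz DOT text."""
    lines = ["digraph afterglow {"]
    for name, color in sorted(nodes.items()):
        lines.append(f'  "{name}" [style=filled, fillcolor="{color}"];')
    for a, b in sorted(edges):
        lines.append(f'  "{a}" -> "{b}";')
    lines.append("}")
    return "\n".join(lines)


if __name__ == "__main__":
    n, e = build_graph(parse_records(SAMPLE_CSV))
    print(to_dot(n, e))
```

Run it and feed the printed DOT to `dot -Tpng`; the two port-80 targets 10.1.2.3 and 10.45.6.7 collapse into one "10/8" node, which is the effect aggregation has on a link graph, while the port-443 target stays a single address.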

Pkviz: Packet Visualizer / Animator tool Available for Download (Mac OS X)


Per my earlier packet visualizer post, I have an app available for Mac OS X users to download. You can grab it here:

http://sintixerr.wordpress.com/pkviz-packet-visualizer-and-animator/

The app takes tcpdump ascii-hex output (the -X option) and animates through all the packets in a file. It splits the packets into bytes, with position in the packet providing the X axis values and byte value in a given position providing the Y values. You can select a window of packets to display at once (defaults to 30) to see patterns over time. If packet headers are more interesting than payload, there is an option to expand the proportion of space taken by header data so it's easier to see. There are also options to pause the animation, move forward and back one packet at a time, and jump to specific packets. Finally, if you want to look at the base data for a given packet, you can display the packet in hex.

Right now, I've found there's a rough top limit of 3000 packets, but it really depends on your machine.

Treemaps for Windows firewall log

Does anyone have a parser for using Windows firewall logs with Treemap???
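An added example (not something posted in this thread) of the kind of parser the question asks for: it reads the W3C extended log format that Windows Firewall writes to pfirewall.log, takes the column names from the #Fields header line rather than hard-coding them, and rolls the records up into a nested count tree (action, then protocol, then destination port) that a treemap tool can size its rectangles from. The log lines are constructed; the flat tab-separated output is a generic path-plus-count layout, and the column order a particular treemap tool expects is an assumption you may need to adapt.

```python
"""Added example: Windows Firewall log (pfirewall.log) to treemap hierarchy.
Not from the thread; sample log lines are constructed."""

# Constructed sample in the W3C extended format Windows Firewall writes.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2010-02-01 10:00:01 DROP TCP 10.0.0.5 10.0.0.1 51234 445 48 S 123456 0 8192 - - - RECEIVE
2010-02-01 10:00:02 DROP TCP 10.0.0.6 10.0.0.1 51235 445 48 S 123457 0 8192 - - - RECEIVE
2010-02-01 10:00:03 DROP UDP 10.0.0.7 10.0.0.1 137 137 78 - - - - - - - RECEIVE
2010-02-01 10:00:04 OPEN TCP 10.0.0.1 10.0.0.9 49152 80 0 - - - - - - - SEND
"""


def parse_firewall_log(text):
    """Return one dict per data line, keyed by the names in the #Fields header."""
    fields = None
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue
        if fields is None:
            raise ValueError("data line before #Fields header")
        values = line.split()
        if len(values) != len(fields):
            continue  # skip a malformed line rather than misalign every column
        records.append(dict(zip(fields, values)))
    return records


def build_tree(records, keys=("action", "protocol", "dst-port")):
    """Nest records by the given keys; leaves hold the number of matching lines."""
    tree = {}
    for rec in records:
        node = tree
        for key in keys[:-1]:
            node = node.setdefault(rec[key], {})
        leaf = rec[keys[-1]]
        node[leaf] = node.get(leaf, 0) + 1
    return tree


def flatten(tree, path=()):
    """Turn the nested tree into (path_tuple, count) rows for a treemap importer."""
    rows = []
    for name, child in tree.items():
        if isinstance(child, dict):
            rows.extend(flatten(child, path + (name,)))
        else:
            rows.append((path + (name,), child))
    return rows


def to_tsv(rows):
    """Tab-separated: path components, then the count (column order is an assumption)."""
    return "\n".join("\t".join(path) + "\t" + str(count) for path, count in rows)


if __name__ == "__main__":
    print(to_tsv(flatten(build_tree(parse_firewall_log(SAMPLE_LOG)))))
```

Changing the `keys` tuple (for example to action, dst-ip, dst-port) changes what the treemap nests by, which is usually the more useful knob than the parser itself; dropped SMB traffic to one host, as in the sample, shows up as a single large rectangle under DROP/TCP/445.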

Augmented Reality


Augmented Reality - The next step in security Visualization

We've been playing around with augmented reality for a time now, the technology seems to be on a tipping point with iPhone (not just the overlay - not truly AR, but they do have true AR apps), Android and other forms of capture and processing. To me this is the future of security visualization. I know it is a bold statement to make, but when you start to develop and delve deeper the possibilities are endless. If you look at my site you will see the direction of our research. ( http://www.manntechcomputersinc.com/Researching_Now.html ) I'm going to release a video asap of where we are with our AR. I think the subject of security AR is too important to completely commercialize. With that respect any "breakthroughs" that we are having will be made open source. If some of you are new to the AR scene there is a good open source tool called artoolkit. Google it and you will see it doesn't take an hour to start playing and testing with AR. For those of you interested please drop me a line at darrenmanners@manntechcomputersinc.com.


Animated Network Packet Structure Visualization


So I'm almost ready to release a tool that reads/parses ascii tcpdump logs and animates visualizations of the structure of the packets in the file in sequence. You can find a video of it here:

http://www.flickr.com/photos/sintixerr/4094209162/

(Try it HD, full screen)

The packets are laid out left to right, from byte 0 to byte 1500ish. The Y axis is based on the value seen in a given position in the packet (0-255). Colors are based on a combination of "value in position difference from average" and "first byte of the source IP". (Although this will eventually be somewhat customizable...it's just what I have in there now.) The app then displays the packets over time....using a window of 1-N packets at a time (depending on the dataset, different windows help you see patterns you wouldn't otherwise). The further back in the window a packet is, the more transparent/faded it is.....this helps distinguish between newer/older packets being seen as well as to help with smoother animations of patterns seen. The app will let you stop the animation at a given point, change how many packets are seen on the fly (so, if you want to see 1 at a time, you can), step manually through the packets (backward or forward). At some point, I hope to be able to show what value/position combination each of the dots represent if you hover over them.

For me, I use this to get an idea of the boundaries of protocols I don't know, look for "unusual" packets, and look for correlations I wasn't previously aware of between values.

(In this set, the far left will be the TCP/IP headers, but the bulk right of that is payload...you can tell most of the payload is human-readable...the values fall into ASCII ranges more than anything else)

http://sintixerr.wordpress.com
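The two Pkviz posts on this page (the download announcement above and this one) describe the same pipeline: read `tcpdump -X` output, split each packet into bytes, plot byte position against byte value, colour by deviation from the per-position average, and fade older packets within a sliding window. The following is an added example of that pipeline in Python; it is not the Pkviz author's code. It assumes the hex dump was produced with `-X` (which omits the link-layer header, so the IPv4 source address sits at bytes 12-15), and the two-packet dump is constructed. The `ascii_fraction` helper is the check behind the "payload is human-readable" remark: the share of bytes in the printable ASCII range.

```python
"""Added example, not Pkviz's code: parse `tcpdump -X` hex output into byte
arrays and compute the position/value points, per-position averages, printable
fraction and fading window the posts describe."""
import re

# Constructed `tcpdump -X` output: an HTTP request and the ACK for it.
SAMPLE_DUMP = """\
12:34:56.789012 IP 10.0.0.1.12345 > 10.0.0.2.80: Flags [P.], seq 1:11, ack 1, win 512, length 10
\t0x0000:  4500 0032 0001 0000 4006 6685 0a00 0001  E..2....@.f.....
\t0x0010:  0a00 0002 3039 0050 0000 0001 0000 0001  ....09.P........
\t0x0020:  5018 0200 0000 0000 4745 5420 2f20 4854  P.......GET./.HT
\t0x0030:  5450                                     TP
12:34:56.790000 IP 10.0.0.2.80 > 10.0.0.1.12345: Flags [.], ack 11, win 512, length 0
\t0x0000:  4500 0028 0002 0000 4006 668e 0a00 0002  E..(....@.f.....
\t0x0010:  0a00 0001 0050 3039 0000 0001 0000 000b  .....P09........
\t0x0020:  5010 0200 0000 0000                      P.......
"""

# A hex line: offset, then up to eight 2-byte groups; the ASCII column that
# follows is separated by two spaces, so the bounded group count keeps it out.
HEX_LINE = re.compile(r"^\s*0x([0-9a-fA-F]+):\s+((?:[0-9a-fA-F]{2,4} ?){1,8})")


def parse_tcpdump_x(text):
    """Return one bytes object per packet; any non-hex, non-empty line starts a new packet."""
    packets, current = [], None
    for line in text.splitlines():
        m = HEX_LINE.match(line)
        if m:
            if current is None:
                current = bytearray()
                packets.append(current)
            offset = int(m.group(1), 16)
            data = b"".join(bytes.fromhex(tok) for tok in m.group(2).split())
            if len(current) < offset:          # honour the printed offset
                current.extend(b"\0" * (offset - len(current)))
            current[offset:offset + len(data)] = data
        elif line.strip():
            current = None
    return [bytes(p) for p in packets]


def packet_points(pkt):
    """(x, y) pairs: byte position along X, byte value along Y."""
    return list(enumerate(pkt))


def position_means(packets):
    """Average byte value seen at each position across the given packets."""
    cols = {}
    for pkt in packets:
        for i, b in enumerate(pkt):
            cols.setdefault(i, []).append(b)
    return {i: sum(v) / len(v) for i, v in cols.items()}


def point_colors(pkt, means):
    """Per point: (position, value, deviation from the position mean, first octet
    of the IPv4 source address), the two colour inputs the post names."""
    src_first_octet = pkt[12] if len(pkt) >= 16 else None
    return [(i, b, b - means.get(i, b), src_first_octet) for i, b in enumerate(pkt)]


def ascii_fraction(pkt, start):
    """Share of bytes from `start` onward that are printable ASCII (0x20-0x7e)."""
    tail = pkt[start:]
    if not tail:
        return 0.0
    return sum(1 for b in tail if 0x20 <= b <= 0x7e) / len(tail)


def window_frames(packets, window):
    """Frame i holds the newest `window` packets up to i as (packet, alpha);
    alpha drops linearly with age so older packets fade."""
    frames = []
    for i in range(len(packets)):
        frame = []
        for age in range(window):
            j = i - age
            if j < 0:
                break
            frame.append((packets[j], (window - age) / window))
        frames.append(frame)
    return frames


if __name__ == "__main__":
    pkts = parse_tcpdump_x(SAMPLE_DUMP)
    means = position_means(pkts)
    for n, pkt in enumerate(pkts):
        print(n, len(pkt), "bytes, printable payload share:", ascii_fraction(pkt, 40))
        print(point_colors(pkt, means)[:4])
```

Feeding the points of each frame to any plotting library, with alpha taken from the frame, gives the fading animation; the deviation column is what separates a packet that differs from its neighbours at one position (a changed flag, an unusual TTL) from the bulk, and a high `ascii_fraction` past the header boundary is what the "values fall into ASCII ranges" observation looks like numerically.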

Mac Screensaver


Team Cymru launched a Mac OS X screensaver that displays a global infection map on a rotating globe, together with an RSS and Twitter feed. http://www.team-cymru.org/News/Screensaver/

youtube movie


Hi all, Team Cymru has posted a movie of some of the visualizations we've made on YouTube. www.youtube.com/watch?v=8IBy87mVpcw
This movie shows DDoS attacks, botnet command and control servers, malware relationships and similar visualizations.
Other visualizations that might be of interest :
www.team-cymru.org/Monitoring/Malevolence/irccnc.html
www.team-cymru.org/Monitoring/Malevolence/maps.html
Heatmap animation of worldwide compromised machines

Marcel

Circos - Inappropriate Email Content Investigation


Mapping links between users sending inappropriate content via emails using Circos
fifth.sentinel