Picviz curves

I just committed an option for the Picviz pngcairo plugin to draw curves instead of straight lines.

To me it just looks pretty without anything technically interesting behind it. I guess some people could argue this helps uncover clusters, maybe... What do you guys think of such ways of playing with parallel coordinates?

VizSec 2009 - submission deadline approaching

The 6th International Workshop on Visualization for Cyber Security (VizSec) will be held October 11, 2009 in Atlantic City, NJ, USA in conjunction with VisWeek 2009.

The deadline for full papers (12 pages) is May 8, 2009. The deadline for short papers (6 pages) is May 22, 2009.

Please see the web site for formatting instructions, templates and information on how to submit your paper.

http://vizsec.org/vizsec2009/

Best,
-john

Sphere Of Influence

Take a look at my site, www.manntechcomputersinc.com. We have developed a visualization tool for PIX/ASA and Snort. It maps IPs to geographical locations: countries (source or destination), anonymous proxies, sat providers, regions, etc. We represent countries by flags and allow users to add their own icons. I'd be interested to hear what people think....

Screen Shot Sphere of Influence

Inappropriate Email Investigation - with time line

See http://5thsentinel.wordpress.com/2009/04/01/inappropriate-content-visualization/ for background.

This is similar to the Visio diagram that showed all the inappropriate email attachments that a specific user sent. However, a time line was included to better articulate the number and time of incidents.

Inappropriate Email Investigation - Attachment Flow

See http://5thsentinel.wordpress.com/2009/04/01/inappropriate-content-visualization/ for background.

This image was created using Visio and shows the flow of an inappropriate email attachment as it flowed from one internal user to another.

Conficker.C UDP P2P Traffic

The chart represents several hours of Conficker's P2P UDP activity; it relates destination address with dest UDP used.

conficker.c - ccTLD attractor

This is my smart analysis of the first 20 days of April 2009 ccTLDs (country code top-level domains) generated by the algorithm used by the worm for pseudo-random domain name generation.
The following chart shows the frequency for each ccTLD. As you can see, there is a sort of attractor for some ccTLDs such as AG, BO, LC, HN, PE, and TW. A singular point is the DJ ccTLD. For more information, see http://extraexploit.blogspot.com. I think this kind of analysis is useful for getting evidence as an indicator of conficker.c activities inside your corporate network.

Feedback is welcome.

Regards

heatmap_spam_eu.jpg

This was made using gheat to generate a nice map of locations sending spam into our spam traps.
This is just the Europe map; for the full story go here: http://honeynet.org.au/?q=node/41

heatmap_sensornet.jpg

This was made using gheat to generate a nice map of locations that are attacking our SensorNET.
SensorNET is a set of distributed nepenthes sensors that we set up at the Australian Honeynet Project.

Scans from attacking IPs and network-borne malware are captured and analyzed.
These attacks are portrayed on this heatmap.

For the full story go here: http://honeynet.org.au/?q=node/41

Inappropriate Email Investigation - From User 46

See http://5thsentinel.wordpress.com/2009/04/01/inappropriate-content-visualization/ for background.

This was done manually in Visio and shows emails sent by a specific user to recipients that contained inappropriate content.