Worked up a Cisco ASA parser for gltail (http://www.fudgie.org/) to do firewall movies specific to Cisco.
I'll submit to the ruby project for gltail, but if anyone wants it email me at firstname.lastname@example.org.
Title: Applied Security Visualization
Author: Raffael Marty
Source: Addison Wesley Professional
Publication Date: July 2008 (estimated)
...As networks become ever more complex, securing them becomes more and more difficult. The solution is visualization. Using today's state-of-the-art data visualization techniques, you can gain a far deeper understanding of what's happening on your network right now. You can uncover hidden patterns of data, identify emerging vulnerabilities and attacks, and respond decisively with countermeasures that are far more likely to succeed.
In Applied Security Visualization, leading network security visualization expert Raffael Marty introduces all the concepts, techniques, and tools you need to use visualization on your network. You'll learn how to identify and utilize the right data sources, then transform your data into visuals that reveal what you really need to know. Next, Marty shows how to use visualization to perform broad network security analyses, assess specific threats, and even improve business compliance. He concludes with a thorough introduction to DAVIX, today's leading toolset for security visualization.
Graph of a Nessus scan as seen by Snort and Prelude LML using pig
Graph of a Saint scan as seen by Snort and Prelude LML using pig
Prelude IDMEF Grapher (PIG) shows IDMEF data on a multi-axis view for graphical alert analysis. This graph shows what was displayed while performing a scan with the Retina software. Snort and Prelude LML (log analysis) send their alerts to the Prelude manager, which we connect to using PIG.
Next, a plot of the same data using the destination port number over time points to obvious port scanning, visible as diagonal lines, as well as odd patterns that line up with the previous destination IP address plot.
When you plot the destination IP address as an integer over time, many interesting patterns are highlighted. Even more interesting than the horizontal patterns indicating continuous traffic to specific IP addresses are the vertical clusters with regularly repeating frequencies.
The full and short paper deadline for VizSec has been extended. The new deadlines are:
April 21, 2008 : Deadline for full paper submission
May 19, 2008 : Deadline for short paper submissions
July 18, 2008 : Deadline for poster and demo abstracts
The Keynote speaker at VizSec will be Ben Shneiderman, speaking on the topic Information Forensics: Harnessing visualization to support discovery. Ben Shneiderman is a Professor in the Department of Computer Science, Founding Director (1983-2000) of the Human-Computer Interaction Laboratory, and Member of the Institute for Advanced Computer Studies at the University of Maryland at College Park. He was made a Fellow of the ACM in 1997, elected a Fellow of the American Association for the Advancement of Science in 2001, and received the ACM CHI (Computer Human Interaction) Lifetime Achievement Award in 2001.
Full and short papers will be published by Springer Lecture Notes in Computer Science (LNCS) in the VizSec 2008 Proceedings.
Formatting and submission instructions are on the web site: http://vizsec.org/workshop2008
Two gnuplot bar graphs, one showing byte value counts of a binary file and the other showing the encrypted version of that same file.