This is a community portal. Sign up on the left and start posting about analytics and visualization of security data.

FileZilla Afterglow

Made from a FileZilla log. The IP addresses are fictional!

Drupal Afterglow

A Drupal log transformed into a picture. This is a part of the whole picture. The IP addresses are fictional!

Visual Analytics – Delivering Actionable Security Intelligence

At the end of August, I will be teaching a visualization workshop in Iceland. The workshop is part of the Nordic Security Conference.
The workshop has gotten quite a facelift. The visualization module was updated a lot to include more on graphs and visuals, as well as a little bit more on visualization theory that is immediately applicable to your everyday security visualizations. I am introducing many more visualization tools in a hands-on fashion and I am, for the first time, going to teach a module on big data: Hadoop, Riak, Mongo, Flume, etc. What do they have to do with security intelligence and security monitoring? Come and explore the topic with me!

Sign up today!


3D Visualization of Attack and Exploit Paths

I recently posted some new videos to Tenable's YouTube channel about how to visualize network attack and exploit paths in 3D. The videos are located on this playlist. They make use of data from Tenable's Nessus and the Passive Vulnerability Scanner products to identify exploitable internet-facing systems, exploitable internet-browsing clients and exploitable clients that are trusted by servers. There is also a blog post and white paper on this sort of 3D analysis on the Tenable blog.


VizSec 2012

VizSec 2012 will be held in mid-October as part of VisWeek in Seattle. When we know the exact date, we will update the web site. Papers are due July 1.

The International Symposium on Visualization for Cyber Security (VizSec) is a forum that brings together researchers and practitioners from academia, government, and industry to address the needs of the cyber security community through new and insightful visualization techniques. Co-located this year with VisWeek, the 9th VizSec will provide new opportunities for the usability and visualization communities to collaborate and share insights on a broad range of security-related topics. Accepted papers will appear in the ACM Digital Library as part of the ACM International Conference Proceedings Series.

Important research problems often lie at the intersection of disparate domains. Our focus is to explore effective, scalable visual interfaces for security domains, where visualization may provide a distinct benefit, including computer forensics, reverse engineering, insider threat detection, cryptography, privacy, preventing 'user assisted' attacks, compliance management, wireless security, secure coding, and penetration testing in addition to traditional network security. Human time and attention are precious resources. We are particularly interested in visualization and interaction techniques that effectively capture human analyst insights so that further processing may be handled by machines, freeing the analyst for other tasks. For example, a malware analyst might use a visualization system to analyze a new piece of malicious software and then facilitate generating a signature for future machine processing. When appropriate, research that incorporates multiple data sources, such as network packet captures, firewall rule sets and logs, DNS logs, web server logs, and/or intrusion detection system logs, is particularly desirable.

More information is on the web site:

http://www.ornl.gov/sci/vizsec/

Visualization of the Internet - BGP Paths visualization using Gephi + dataset available

Digging into my various BGP datasets, I decided to create a GraphViz dot file with all the unique AS paths in BGP for the Internet as of today. The dot file is available at the following location: http://www.foo.be/internet-dot/BGP-ASN-Paths-20120403.dot (! 44MB) and a quick overview of the dataset with Gephi: http://www.foo.be/internet-dot/Top-ASN-20120403.png. You can directly see ASN 3356 (Level 3), one of the most connected providers. I used the "Radial Axis" layout, which is well suited for this kind of dataset. The Internet view (from this BGP router) contains 40898 ASNs, representing the majority of the ISPs on the Internet.

The dataset can be used to experiment with Gephi or other tools that handle large graphs with a lot of connections. The dataset will be updated at regular intervals. If you have any ideas or feedback, let me know.
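The post above describes turning a BGP table into a dot file of unique AS paths. The script below is an added example of that conversion and is not the author's own tool: it deduplicates AS paths, collapses prepending and AS_SETs so the graph has no self-loops, emits GraphViz DOT, and computes node degree so the most connected ASN (3356 in the post's picture) can be found without a layout tool. The input lines are constructed in the pipe-separated shape of `bgpdump -m` output; the column index of the AS_PATH field, the peer and the prefixes are assumptions, and only the well-known AS numbers are real.

```python
"""Unique BGP AS paths -> GraphViz DOT, plus per-ASN degree.

Added example; not the post author's script. Input is constructed in the
shape of 'bgpdump -m' one-line output (field 6 = AS_PATH, an assumption);
peer, prefixes and private ASNs (64496-64511) are fictional.
"""
from collections import defaultdict

# Constructed records: type|time|B|peer_ip|peer_as|prefix|as_path|origin|next_hop|...
BGPDUMP_M = """\
TABLE_DUMP2|1333411200|B|198.51.100.1|64511|192.0.2.0/24|6939 3356 64496|IGP|198.51.100.1|0|0||NAG||
TABLE_DUMP2|1333411200|B|198.51.100.1|64511|192.0.2.128/25|6939 3356 64496|IGP|198.51.100.1|0|0||NAG||
TABLE_DUMP2|1333411200|B|198.51.100.1|64511|198.51.100.0/24|6939 3356 64497|IGP|198.51.100.1|0|0||NAG||
TABLE_DUMP2|1333411200|B|198.51.100.2|64511|198.51.100.0/24|6939 1299 3356 64497|IGP|198.51.100.2|0|0||NAG||
TABLE_DUMP2|1333411200|B|198.51.100.1|64511|203.0.113.0/24|6939 3356 {64498,64499}|IGP|198.51.100.1|0|0||NAG||
TABLE_DUMP2|1333411200|B|198.51.100.1|64511|203.0.113.128/25|6939 6939 6939 174 64500|INCOMPLETE|198.51.100.1|0|0||NAG||
"""

AS_PATH_FIELD = 6  # 0-based column of AS_PATH in 'bgpdump -m' lines (assumption)


def unique_as_paths(text):
    """Return the set of distinct AS paths. Each hop is a tuple of ASNs so an
    AS_SET like {64498,64499} stays one hop; AS prepending (6939 6939 6939)
    is collapsed, since repeated hops carry no topology information."""
    paths = set()
    for line in text.splitlines():
        fields = line.split("|")
        if len(fields) <= AS_PATH_FIELD or not fields[AS_PATH_FIELD]:
            continue
        hops = []
        for token in fields[AS_PATH_FIELD].split():
            if token.startswith("{"):
                hop = tuple(sorted(token.strip("{}").split(",")))
            else:
                hop = (token,)
            if hops and hops[-1] == hop:
                continue  # prepending
            hops.append(hop)
        paths.add(tuple(hops))
    return paths


def as_edges(paths):
    """Undirected adjacency between consecutive hops of every unique path;
    every member of an AS_SET is linked to the neighbouring hop."""
    edges = set()
    for path in paths:
        for left, right in zip(path, path[1:]):
            for a in left:
                for b in right:
                    if a != b:
                        edges.add(tuple(sorted((a, b), key=int)))
    return edges


def degrees(edges):
    """Number of distinct neighbours per ASN (what makes AS3356 stand out)."""
    deg = defaultdict(int)
    for a, b in edges:
        deg[a] += 1
        deg[b] += 1
    return dict(deg)


def to_dot(edges):
    """Render the edge set as a GraphViz 'graph' (undirected) in DOT."""
    lines = ["graph bgp_as_paths {", "  node [shape=circle];"]
    for a, b in sorted(edges, key=lambda e: (int(e[0]), int(e[1]))):
        lines.append(f'  "AS{a}" -- "AS{b}";')
    lines.append("}")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    edges = as_edges(unique_as_paths(BGPDUMP_M))
    deg = degrees(edges)
    top = max(deg, key=deg.get)
    print(f"// most connected: AS{top} (degree {deg[top]})")
    print(to_dot(edges), end="")  # feed to: dot -Tpng -o paths.png, or import into Gephi
```

On a full table (40k ASNs, millions of paths) the same structure holds; the only change is reading the dump line by line instead of from a string, and the edge set rather than the path set is what you hand to Gephi.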

IEEE Network special issue on Network Visualization - Updated deadline

The IEEE Network Magazine Special Issue on Computer Network Visualization has an extended deadline, now May 1, 2012.

Visualizing Packet Captures For Fun and Profit

I wrote a small blog post about AfterGlow and how to visualize packet captures. It gives a few examples of how packet captures can be visualized as link graphs.

I then followed up with a post on Advanced Network Graph Visualization with AfterGlow. In this post I show how you can use some extended capabilities of AfterGlow to read configuration parameters from variables and files in order to influence your network graph's colors, clustering, etc.

Curious to hear your feedback!
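AfterGlow draws link graphs from a CSV of `source,event,target` rows, which is the shape of input behind both the FileZilla/Drupal gallery pictures further up and the packet-capture posts here. The script below is an added example of producing that input and is not the authors' code nor part of AfterGlow: it turns FileZilla-server-style log lines and a `tshark` field summary into deduplicated triples and writes them as three-column CSV, with a colour rule file in AfterGlow's `color.*` property style so a failed login or an SSH flow stands out. The log line layout, the tshark column order, the FTP server address and every IP address (RFC 5737 documentation ranges) are constructed assumptions.

```python
"""Log lines and packet summaries -> AfterGlow 'source,event,target' CSV.

Added example; not the authors' code and not part of AfterGlow. Log layout,
tshark column order, server address and all IPs are constructed assumptions.
"""
import csv
import io
import re
from collections import Counter

# Constructed lines in the shape "(session) date time - (user) (client ip)> text".
FILEZILLA_LOG = """\
(000012) 03/04/2012 10:01:02 - (not logged in) (192.0.2.10)> USER admin
(000012) 03/04/2012 10:01:02 - (not logged in) (192.0.2.10)> PASS ****
(000012) 03/04/2012 10:01:03 - (not logged in) (192.0.2.10)> 530 Login or password incorrect!
(000013) 03/04/2012 10:01:05 - (not logged in) (192.0.2.10)> USER root
(000014) 03/04/2012 10:02:11 - (not logged in) (198.51.100.7)> USER alice
(000014) 03/04/2012 10:02:12 - (alice) (198.51.100.7)> 230 Logged on
(000014) 03/04/2012 10:02:20 - (alice) (198.51.100.7)> RETR report.pdf
"""

# Constructed output in the shape of:
#   tshark -r capture.pcap -T fields -e ip.src -e ip.dst -e tcp.dstport
PACKET_SUMMARY = """\
192.0.2.10\t203.0.113.5\t21
192.0.2.10\t203.0.113.5\t21
198.51.100.7\t203.0.113.5\t21
198.51.100.7\t203.0.113.5\t443
192.0.2.33\t203.0.113.5\t22
"""

FTP_SERVER = "203.0.113.5"  # assumed address of the host that wrote FILEZILLA_LOG

FZ_LINE = re.compile(
    r"^\(\d+\)\s+\S+\s+\S+\s+-\s+\((?P<user>[^)]*)\)\s+\((?P<ip>[^)]+)\)>\s+(?P<msg>.*)$"
)


def filezilla_edges(text):
    """Yield (client, event, server) triples: the event is the FTP verb the
    client sent, or reply_NNN for a numeric server response code."""
    for line in text.splitlines():
        m = FZ_LINE.match(line)
        if not m:
            continue  # not a session line
        first = m.group("msg").split()[0]
        event = f"reply_{first}" if first.isdigit() else first.upper()
        yield (m.group("ip"), event, FTP_SERVER)


def packet_edges(text):
    """Yield (src, tcp/port, dst) triples from tab-separated tshark fields."""
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) != 3 or not parts[2]:
            continue  # non-TCP packets leave tcp.dstport empty
        src, dst, dport = parts
        yield (src, f"tcp/{dport}", dst)


def link_graph(*edge_iters):
    """Count how often each distinct triple occurs across all inputs."""
    counts = Counter()
    for it in edge_iters:
        counts.update(it)
    return counts


def to_afterglow_csv(counts):
    """One 'source,event,target' row per distinct triple (AfterGlow's
    three-column input); repeats are collapsed so the graph stays readable."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    for src, event, dst in sorted(counts):
        writer.writerow([src, event, dst])
    return buf.getvalue()


# Colour rules in AfterGlow's property-file style ($fields[1] is the event
# column); a rule without a condition acts as the default for that node type.
COLOR_PROPERTIES = r"""color.source="red" if ($fields[1] =~ /^reply_530/)
color.source="lightblue"
color.event="orange" if ($fields[1] =~ /^tcp\/22$/)
color.event="gray"
color.target="green"
"""

if __name__ == "__main__":
    graph = link_graph(filezilla_edges(FILEZILLA_LOG), packet_edges(PACKET_SUMMARY))
    # Save the two outputs as graph.csv and color.properties, then:
    #   cat graph.csv | afterglow.pl -c color.properties | neato -Tpng -o graph.png
    print(to_afterglow_csv(graph))
    print(COLOR_PROPERTIES)
```

Keeping the event in the middle column is what lets one graph show both the FTP verbs from the log and the TCP ports from the capture against the same server node; if you only want host-to-host links, drop the event and run AfterGlow in its two-column mode.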

University's Computer Network under Attack

The picture shows attacks from the Internet on computers located at the University of Konstanz (brute-force SSH attacks). The background represents the university's network structure, with computer systems as rectangles. External hosts are shown as colored circles on the outside. The splines represent the connections between attackers and computers within the network. This reveals a distributed attack originating from hundreds of hosts working together in an attempt to break into specific computer systems.

More Information on: http://ff.cx/nflowvis/
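What the NFlowVis picture shows visually, many external hosts converging on a few SSH targets, can also be pulled out of flow records directly. The script below is an added example of that detection and is not NFlowVis code: it groups tcp/22 flows by internal target, counts distinct external sources inside a sliding window, and flags a target only when the sources are many (a distributed attack), while a single host hammering one target stays a plain brute force. The flow format (start time, src, dst, proto, dport, packets), the internal prefix, the thresholds and every address (RFC 5737 ranges) are constructed assumptions.

```python
"""Distributed SSH brute-force detection over flow records.

Added example; not NFlowVis code. Flow layout, internal prefix, thresholds
and all addresses are constructed assumptions (RFC 5737 ranges).
"""
from collections import defaultdict
from datetime import datetime, timedelta

INTERNAL_PREFIX = "192.0.2."  # assumed address space of the monitored network

# Constructed flows: start time, src, dst, proto, dport, packets.
FLOWS = """\
2012-03-01 10:00:01,203.0.113.11,192.0.2.50,tcp,22,12
2012-03-01 10:00:04,203.0.113.12,192.0.2.50,tcp,22,9
2012-03-01 10:00:09,203.0.113.13,192.0.2.50,tcp,22,14
2012-03-01 10:00:15,203.0.113.14,192.0.2.50,tcp,22,10
2012-03-01 10:00:21,203.0.113.15,192.0.2.50,tcp,22,11
2012-03-01 10:00:30,203.0.113.16,192.0.2.50,tcp,22,13
2012-03-01 10:20:30,203.0.113.11,192.0.2.50,tcp,22,12
2012-03-01 10:00:02,198.51.100.9,192.0.2.51,tcp,22,15
2012-03-01 10:00:12,198.51.100.9,192.0.2.51,tcp,22,15
2012-03-01 10:00:22,198.51.100.9,192.0.2.51,tcp,22,15
2012-03-01 10:00:32,198.51.100.9,192.0.2.51,tcp,22,15
2012-03-01 10:00:42,198.51.100.9,192.0.2.51,tcp,22,15
2012-03-01 10:00:52,198.51.100.9,192.0.2.51,tcp,22,15
2012-03-01 10:01:02,198.51.100.9,192.0.2.51,tcp,22,15
2012-03-01 10:01:12,198.51.100.9,192.0.2.51,tcp,22,15
2012-03-01 10:00:05,203.0.113.40,192.0.2.52,tcp,80,40
2012-03-01 10:00:07,192.0.2.60,192.0.2.50,tcp,22,30
"""


def parse_flows(text):
    """Parse the constructed CSV into (ts, src, dst, proto, dport, packets)."""
    flows = []
    for line in text.splitlines():
        ts, src, dst, proto, dport, pkts = line.split(",")
        flows.append((datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
                      src, dst, proto, int(dport), int(pkts)))
    return flows


def ssh_attack_summary(flows, window=timedelta(minutes=5), min_sources=5):
    """Per internal SSH target, the peak number of distinct external sources
    seen in any window; 'distributed' is set when that peak reaches
    min_sources. Internal-to-internal SSH is ignored on purpose."""
    per_target = defaultdict(list)
    for ts, src, dst, proto, dport, _pkts in flows:
        if (proto == "tcp" and dport == 22
                and dst.startswith(INTERNAL_PREFIX)
                and not src.startswith(INTERNAL_PREFIX)):
            per_target[dst].append((ts, src))
    summary = {}
    for dst, events in per_target.items():
        events.sort()
        peak = 0
        # Quadratic sliding window: fine for a demo, use a deque for real volumes.
        for i, (t0, _) in enumerate(events):
            in_window = {s for t, s in events[i:] if t - t0 <= window}
            peak = max(peak, len(in_window))
        summary[dst] = {"distributed": peak >= min_sources,
                        "peak_sources": peak, "flows": len(events)}
    return summary


def attacking_sources(flows, summary):
    """External sources that took part against any target flagged as
    distributed: the 'hundreds of hosts working together' in the picture."""
    targets = {d for d, s in summary.items() if s["distributed"]}
    return sorted({src for _ts, src, dst, proto, dport, _p in flows
                   if dst in targets and proto == "tcp" and dport == 22
                   and not src.startswith(INTERNAL_PREFIX)})


if __name__ == "__main__":
    flows = parse_flows(FLOWS)
    summary = ssh_attack_summary(flows)
    for dst, s in sorted(summary.items()):
        print(dst, s)
    print("participants:", attacking_sources(flows, summary))
```

The threshold of five sources is deliberately low for the sample; in the Konstanz picture the same metric would be in the hundreds, and the list returned by `attacking_sources` is what you would feed to a block list or back into NFlowVis as a highlight set.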