Discussions

This is where you can start discussions around security visualization topics.

NOTE: If you want to submit an image, post it in the graph exchange library!

You might also want to consider posting your question or comment on the SecViz Mailinglist!

Discussion Entries

warning: Creating default object from empty value in /usr/www/users/zrlram/secviz/modules/taxonomy/taxonomy.module on line 1387.

VAST Challenge 2012 - There's still time to enter

This year’s VAST Challenge focuses on visual analytics applications for both large scale situation analysis and cyber security. There are two mini-challenges to test your visual analytics applications and your analytical skills.

In mini-challenge 1, (the imaginary) BankWorld's largest financial institution, the (fictitious) Bank of Money needs your best situation awareness visualizations to understand the health of its global corporate network. How do you visualize status data for a network containing nearly a million computers in a way that you can perceive network health and identify problems?

In mini-challenge 2, unusual events are occurring in one of the Bank of Money's regional offices. Some of them may very well wreak havoc across the institution if they turn out to be malicious. What are these unusual events? And if you were in charge of computer security, what actions should be taken to safeguard the network and quite possibly save the Bank of Money from disaster? (Participants from last year's VAST challenge may find their firewall and IDS log analysis tools useful for this challenge as well.)

We encourage participation by individuals and teams in industry and academia. Creative approaches to visual analytics are encouraged.

Please visit http://www.vacommunity.org/vastchallenge2012 to download datasets and instructions. For more information, please contact vast_challenge@visweek.org.

The submission deadline is July 9, 2012.

We look forward to seeing your creative solutions!

Visual Analytics – Delivering Actionable Security Intelligence

At the end of August, I will be teaching a visualization workshop in Iceland. The workshop is part of the Nordic Security Conferene.
The workshop has gotten quite a face lift. The visualization module was updated a lot to include more on graphs and visuals, as well as a little bit more on visualization theory that is immediately applicable to your every day security visualizations. I am introducing many more visualization tools in a hands-on fashion and I am, for the first time, going to teach a module on big data: Hadoop, Riak, Mongo, Flume, etc. What do they have to do with security intelligence and security monitoring? Come and explore the topic with me!

Sign up today!

3D Visualization of Attack and Exploit Paths

I recently posted some new video’s to Tenable’s Youtube channel about how to visualize network attack and exploit paths in 3D. The videos are located on this playlist. They make use of data from Tenable’s Nessus and the Passive Vulnerability Scanner products to identify exploitable internet facing systems, exploitable internet browsing clients and exploitable clients that are trusted by servers. There is also a blog post and white paper on this sort of 3D analysis on the Tenable blog.

youtube-3d-attatck-path-visualization.PNG

VizSec 2012

VizSec 2012 will be held in mid-October as part of VisWeek in Seattle. When we know the exact date, we will update the web site. Papers are due July 1.

The International Symposium on Visualization for Cyber Security (VizSec) is a forum that brings together researchers and practitioners from academia, government, and industry to address the needs of the cyber security community through new and insightful visualization techniques. Co-located this year with VisWeek, the 9th VizSec will provide new opportunities for the usability and visualization communities to collaborate and share insights on a broad range of security-related topics. Accepted papers will appear in the ACM Digital Library as part of the ACM International Conference Proceedings Series.

Important research problems often lie at the intersection of disparate domains. Our focus is to explore effective, scalable visual interfaces for security domains, where visualization may provide a distinct benefit, including computer forensics, reverse engineering, insider threat detection, cryptography, privacy, preventing 'user assisted' attacks, compliance management, wireless security, secure coding, and penetration testing in addition to traditional network security. Human time and attention are precious resources. We are particularly interested in visualization and interaction techniques that effectively capture human analyst insights so that further processing may be handled by machines, freeing the analyst for other tasks. For example, a malware analyst might use a visualization system to analyze a new piece of malicious software and then facilitate generating a signature for future machine processing. When appropriate, research that incorporates multiple data sources, such as network packet captures, firewall rule sets and logs, DNS logs, web server logs, and/or intrusion detection system logs, is particularly desirable.

More information is on the web site:

http://www.ornl.gov/sci/vizsec/

IEEE Network special issue on Network Visualization - Updated deadline

IEEE Network Magazine, Special Issue on Computer Network Visualization has an Extended Deadline, now May 1, 2012

Visualizing Packet Captures For Fun and Profit

I wrote a small blog post about AfterGlow and how to visualize packet captures. It gives a few examples on how packet captures can be visualized as link graphs.

I then followed up with a post on Advanced Network Graph Visualization with AfterGlow. In this post I show how you can use some extended capabilities of AfterGlow to read configuration parameters from variables and files in order to influence your network graph's colors, clustering, etc.

Curious to hear your feedback!

CFP: IEEE Network, Special Issue on Computer Network Visualization

Call for Papers

IEEE Network Magazine
http://dl.comsoc.org/livepubs/ni/

Special Issue on Computer Network Visualization, Nov./Dec. 2012 issue

Background

Computer networks are dynamic, growing, and continually evolving. As complexity grows, it becomes harder to effectively communicate to human decision-makers the results of methods and metrics for monitoring networks, classifying traffic, and identifying malicious or abnormal events. Network administrators and security analysts require tools that help them understand, reason about, and make decisions about the information their analytic systems produce. To this end, information visualization and visual analytics hold great promise for making the information accessible, usable, and actionable by taking advantage of the human perceptual abilities. Information visualization techniques help network administrators and security analysts to quickly recognize patterns and anomalies; visually integrate heterogeneous data sources; and provide context for critical events.

Scope

This special issue seeks original articles examining the state of the art, open issues, research results, evaluations of visualization and visual analytic tools, and future research directions in computer network visualization and visual analytics. All submissions should be written to be understandable and appealing to a general audience. Research papers should contain a substantial amount of tutorial content and minimal mathematics. Topics of interest include, but are not limited to:

* Uses of visualization for network status monitoring and situational awareness
* Visualization methods employed in the classification of network traffic and its analysis
* Visualization methods enhancing network intrusion detection and anomaly detection
* Visualization methods for the analysis of network threats (e.g. botnets)
* Visualization methods for the analysis of network routing
* Methods for integrating analytics and visualization together for network analysis tasks
* Methods for visually integrating heterogeneous data sources to support network analysis tasks
* Case studies of open source visualization tools in network analysis tasks
* Evaluations of network visualization tools in situ

Manuscript Submission

Articles should be written in a style comprehensible and appealing to readers outside the speciality of the article. Authors must follow the IEEE Network Magazine guidelines regarding the manuscript and its format. For details, please refer to the "Guidelines for manuscripts" at the IEEE Network Magazine web site at http://dl.comsoc.org/livepubs/ni/info/authors.html. Submitted papers must be original work and must not be under consideration for publication in other venues. Authors should submit their manuscripts in PDF through ScholarOne for IEEE Network Magazine. Choose this special issue from the drop down menu on the submission page. Authors uncertain about the relevance of their paper to this special issue should inquire with the guest editors before submission.

Schedule
Submissions: April 1, 2012
Author notifications: July 1, 2012
Final papers: September 1, 2012
Publication: November 2012

Guest Editors

John Goodall
Oak Ridge National Lab
jgoodall@ornl.gov

John Gerth
Stanford University
gerth@graphics.stanford.edu

Florian Mansmann
University of Konstanz
Florian.Mansmann@uni-konstanz.de

Old Security Visualization Presentations

I just uploaded a number of my old presentations, mainly on security visualization, to slideshare. The link below leads you right to them:

Security Visualization Presentations

There are presentations from a number of conferences:

  • FIT 2008
  • SUMIT 2008
  • VizSec 2008
  • HITB 2008
  • First 2007
  • DefCon 2005

And then there are still the newer presentations that have been there for a while now.

Data Visualization Resources

I teach a data analytics and visualization class every now and then. In the last section of the class I share a number of resources with the students. The Web sites are mainly blogs and generic visualization resources; Not tools.

The following is the list of resources. Have your own favorite visualization resource? Add a comment!

A much longer list of non curated links you can also find on my delicious feed.