Add Post   Gallery
This is a community portal. Sign up on the left and start posting about analytics and visualization of security data.

 


 

Nessus vulnerability scanner pigized

Nessus vulnerability scanner pigized

Graph of a Nessus scan as seen by Snort and Prelude LML using pig

Saint vulnerability scanner pigized

Saint vulnerability scanner pigized

Graph of a Saint scan as seen by Snort and Prelude LML using pig

Retina vulnerability scanner pigized

Retina vulnerability scanner pigized

Prelude IDMEF Grapher (PIG) shows IDMEF data on a multi-axes view for graphical alerts analysis. This graph shows what was displayed performing a scan using the Retina software. Snort and Prelude LML (log analysis) send their alerts to the prelude manager that we connect to using pig.

24 hours of firewall logs plotted by dest port over time (color is source port)

24 hours of firewall logs plotted by dest port over time (color is source port)

Next, a plot of the same data using the destination port number over time points to obvious port scanning in the form of diagonal lines as well as odd patterns that sync with the previous destination IP address plot.

All of these graphs were created by parsing firewalls logs using a perl script and loading them into Advizor Analyst.

24 hours of firewall logs plotted by dest ip (int) over time (color is dest port)

24 hours of firewall logs plotted by dest ip (int) over time (color is dest port)

When you plot the destination IP address as an integer over time, many interesting patterns are highlighted. Even more interesting than the horizontal patterns indicating continuous traffic to specific IP addresses are the vertical clusters with regularly repeating frequencies.

All of these graphs were created by parsing firewalls logs using a perl script and loading them into Advizor Analyst.

VizSec 2008 update

The full and short paper deadline for VizSec has been extended. The new deadlines are:
April 21, 2008 : Deadline for full paper submission
May 19, 2008 : Deadline for short paper submissions
July 18, 2008 : Deadline for poster and demo abstracts

The Keynote speaker at VizSec will be Ben Shneiderman, speaking on the topic Information Forensics: Harnessing visualization to support discovery. Ben Shneiderman is a Professor in the Department of Computer Science, Founding Director (1983-2000) of the Human-Computer Interaction Laboratory, and Member of the Institute for Advanced Computer Studies at the University of Maryland at College Park. He was made a Fellow of the ACM in 1997, elected a Fellow of the American Association for the Advancement of Science in 2001, and received the ACM CHI (Computer Human Interaction) Lifetime Achievement Award in 2001.

Full and short papers will be published by Springer Lecture Notes in Computer Science (LNCS) in the VizSec 2008 Proceedings.
Formatting and submission instructions are on the web site: http://vizsec.org/workshop2008

gnuplot of binary / encrypted binary

gnuplot of binary / encrypted binary

Two gnuplot bar graphs, one showing byte value counts of a binary file and the other showing the encrypted version of that same file.
From: http://pmelson.blogspot.com/2008/03/quicky-binary-file-visual-analysis.html

Google Visualization API - A new Approach to Visualization?

Google has been working heavily on the visualization front. After acquiring GapMinder, they released various visualization related tools, such as Google Charts. The latest release has been the Google Visualization API (another announcement of the Google Visualization API).

The amount of charts available is fairly impressive. What I really like is the gapminder-like chart. It supports full interaction and is an amazing tool to see how data evolved over time. To see some more of the chart types, have a look at the visualization gallery.

Why is it important to Security Visualization?
I think what is going to happen is that more and more people will get exposed to the capabilities of interactive visualization. This will definitely drive a demand and hopefully trickle down into the world of security visualization. I am definitely looking forward to some interactive tools that assist me in analyzing my log files. Interaction won't be the be all end all solution. I still think security visualization is missing a significant piece. It's the piece where knowledge is translated. People need help visualizing their data. They need help in choosing the right charts, the right colors, etc. It's not easy, but hopefully my upcoming book on "Applied Security Visualization" is going to somewhat help. What is missing is just a translation of the book into a visualization application!

The announcement of the new Google visualization API went out earlier this week and has generated quite a bit of interested in the general community:


Google is also updating Google Docs to support the new visualization API. Along with the introduction of pivot tables, is this the end of Excel charting? For a walk-through of Google docs and the visualization feature, have a look at Juan Pablo's blog.

Visualizations of malware code

An article that passed by me recently that I haven't seen any posts about:
http://blog.washingtonpost.com/securityfix/2008/01/putting_a_scary_face_on_malici_1.html

Brian Krebs wrote it about an artist named Alex Dragulescu, who's doing really interesting visualizations of malware:
http://sq.ro/malwarez.php