I was greatly honored when I got an invitation from the Conference on Knowledge Discovery and Data Mining (KDD) to give a talk about data mining and cyber security.
Knowing me, you might be able to guess the topic I chose to present: Visual Analytics. I am focussing on not the visualization layer or the data layer, but on the analytics layer. In the presentation I am showing what we have been doing with data analytics and data mining in cyber security. The presentation starts out with an overview of what security is and what our data looks like. While I show a few examples for different areas in cyber security, I am mainly highlighting problems and challenges we have been facing within these areas with regards to analytics and data mining.
The presentation has 5 parts:
For each of the six areas in data mining, the following slide shows a couple of challenges that one will run into when trying to apply them to cyber security data:
At the end, I am presenting a number of challenges to the community; hard problems that we need help with to advance insights into cyber security of infrastructures and applications. The following slide summarizes the challenges I see in data mining for security:
Definitely not a complete list. Please comment and add other challenges! If you have any suggestions on solving the challenges, please contact me or comment on this post as well!
We are preparing for the next DAVIX release and have constructed a survey to get your input on the tools you would like included, the delivery mechanism, and general information on your security visualization needs. Your participation in the survey would be greatly appreciated!
The survey is located at http://www.surveymonkey.com/s/769KG3C.
We would like to collect all responses by July 31, 2013.
AfterGlow is a security 'visualization' tool that simplifies the task of creating network graphs. It reads CSV files and converts them into a graph representation based on a set of configurations that the user defines (colors, edge thickness, node sizes, clustering, etc.). AfterGlow is a pretty powerful tool and filly this slide deck summarizes the features and provides a couple of interesting examples of how to use the tool.
These slides will also be part of my Visual Analytics workshop during BlackHat at the end of the month. There are still a couple of seats available!
The 10th Visualization for Cyber Security (VizSec) will be held in Atlanta GA, USA on October 14, 2013 in conjunction with IEEE VIS. VizSec brings together researchers and practitioners in information visualization and security to address the specific needs of the cyber security community through new and insightful visualization techniques.
The paper deadline has been extended to July 22, 2013 at 5:00pm PDT. Full papers offering novel contributions in security visualization are solicited. Papers may present techniques, applications, practical experience, theory, analysis, or experiments and evaluations. We encourage papers on technologies and methods that promise to improve cyber security practices, including, but not limited to:
We are also soliciting posters. Poster submissions may showcase late-breaking results, work in progress, preliminary results, or visual representations relevant to the VizSec community. Accepted poster abstracts will be made available on this website. Poster submissions are due August 23, 2013 at 5:00pm PDT.
See vizsec.org for the full Call for Papers and additional details.
This year's IEEE VAST Challenge features two mini-challenges that particularly appeal to the SecViz community. These challenges are open to participation by individuals and teams in industry, government, and academia. Creative approaches to visual analytics are encouraged.
Mini-Challenge 2 tests your skills in visual design. The fictitious Big Enterprise is searching for a design for their future situation awareness display. The company's intrepid network operations team will use this display to understand the health, security, and performance of their entire computer network. This challenge is also very different from previous VAST Challenges, because there is no data to process and no questions to answer. Instead, the challenge is to show off your design talents by producing a creative new design for situation awareness. Please visit http://www.vacommunity.org/VASTchallenge2013MC2 for more information.
Mini-Challenge 3 focuses on unusual happenings on the computer network of a marketing company. Can you identify what looks amiss on the network using the network flow and network health data provided? And can you ask the right questions to help you piece together the timeline of events? Two weeks of data will be released for this challenge. Week 1 data is now available. Please visit http://www.vacommunity.org/VASTchallenge2013MC3 for more details.
For more information, please contact firstname.lastname@example.org
Big data and security intelligence are the two hot topics in security for 2013. We are collecting more and more information from both the infrastructure, but increasingly also directly from our applications. This vast amount of data gets increasingly hard to understand. Terms like map reduce, hadoop, mongodb, etc. are part of many discussions. But what are those technologies? And what do they have to do with security intelligence? We will see that none of these technologies are sufficient in our quest to defend our networks and information. Data visualization is the only approach that scales to the ever changing threat landscape and infrastructure configurations. Using big data data visualization techniques, you can gain a far deeper understanding of what's happening on your network right now. You can uncover hidden patterns of data, identify emerging vulnerabilities and attacks, and respond decisively with countermeasures that are far more likely to succeed than conventional methods. The attendees will learn about log analysis, big data, information visualization, data sources for IT security, and learn how to generate visual representations of IT data. The training is filled with hands-on exercises utilizing the DAVIX live CD.
Log Management and SIEM
Raffael Marty is one of the world's most recognized authorities on security data analytics. The author of Applied Security Visualization and creator of the open source DAVIX analytics platform, Raffy is the founder and ceo of PixlCloud, a next-generation data visualization application for big data. With a track record at companies including IBM Research and ArcSight, Raffy is thoroughly familiar with established practices and emerging trends in data analytics. He has served as Chief Security Strategist with Splunk and was a co-founder of Loggly, a cloud-based log management solution. For more than 12 years, Raffy has helped Fortune 500 companies defend themselves against sophisticated adversaries and has trained organizations around the world in the art of data visualization for security. Practicing zen has become an important part of Raffy's life.
This image shows network traffic to and from a single host in a smaller network. The visualization uses HTML (SVG) and D3 to render the SVG. It's fully interactive so that explorations become possible.
A single selection is visible here. The non selected links and nodes fade out and the selected connections are detailed out in the text box.