The 10th International Symposium on Visualization for Cyber Security (VizSec) is a forum that brings together researchers and practitioners from academia, government, and industry to address the needs of the cyber security community through new and insightful visualization and analysis techniques. VizSec will provide an excellent venue for fostering greater exchange and new collaborations on a broad range of security- and privacy-related topics. Accepted papers will appear in the ACM Digital Library as part of the ACM International Conference Proceedings Series.
Important research problems often lie at the intersection of disparate domains. Our focus is to explore effective, scalable visual interfaces for security domains, where visualization may provide a distinct benefit, including computer forensics, reverse engineering, insider threat detection, cryptography, privacy, preventing 'user assisted' attacks, compliance management, wireless security, secure coding, and penetration testing in addition to traditional network security. Human time and attention are precious resources. We are particularly interested in visualization and interaction techniques that effectively capture human analyst insights so that further processing may be handled by machines, freeing the analyst for other tasks. For example, a malware analyst might use a visualization system to analyze a new piece of malicious software and then facilitate generating a signature for future machine processing. When appropriate, research that incorporates multiple data sources, such as network packet captures, firewall rule sets and logs, DNS logs, web server logs, and/or intrusion detection system logs, is particularly desirable.
See http://www.vizsec.org/ for additional information.
It might not be the pretties graph, but it tells a story. This graphs was generated with R and shows the number of HTTP connections per Host header field. I generated this graph with data from Bro's HTTP.log file.
A few other graphs and R scripts can be found on my blog, http://anthonykasza.webs.com/blog23.html
This graph shows a part of the global SSL trust relationships. It was generated with AfterGlow and Gephi (by using the -k parameter of AfterGlow to generate a GDF file). Node size is based on the number of children for each node. The big green node is the DFN CERT. And no, it doesn't mean that the DNF CERT is trusted more than any other certificate authority...
As I've been putting together an R package for mining open source IP "intelligence" data, I decided to play with visualizing malicious host categories in AlienValut's IP reputation database. This image is a network graph plot (using R & igraph) of AlienVault identified C&C nodes as they relate to host ASNs (with ASN peers included). Red nodes are the C&C hosts, gold nodes are the the ASNs.
I did the same with a subset of "Malicious Hosts" in AlienValut's db and am thinking that tracking these over a day (/week/month/year) would make for an interesting view of the ebb & flow of C&C hosts.
There are a couple of seats open for next week's security visualization workshop in Dubai. The training is held Friday and Saturday, November 9th and 10th in Dubai.
The topics are anything from data sources to log processing to a lot of eye-catching visualizations, and a great module on big data. The signup link contains all the information you need.
Hope to see you in Dubai next week!
A week ago, in Seattle, VizSec 2012 was taking place. I had the honor to present the keynote, which I used as an opportunity to talk about the state of the security visualization space. Here is the video of the talk.
This is a quick outline of the talk:
Following are the slides from the talk. Unfortunately, my video recording from the VizSec keynote failed. I was presenting at Microsoft however, the same week and I was able to record my talk there. Same slides.
The past couple of months have been pretty clean from SPAM in the secviz feed, after I implemented a moderator queue for all the content. This seems to work pretty well. However, the system doesn't let me enable a moderator queue for images in the image gallery. That's why you have seen a few SPAM images in the feed (for example this morning).
I took another step to prevent this. When signing up as a user, you will have to be approved from now on. This seems to be the only way for me to prevent SPAM once and for all. I hope I'll be able to distinguish real users from spammers upon signup. I'll figure that one out.
Looking forward to seeing your posts here!
After a series of Nessus jobs (with hundreds of nodes and thousands of findings) I scrapped together Prenus, the pretty Nessus .. thing. Consuming Nessus XML files and outputting in a few different formats, including Afterglow or Circos formatted files, can help construct these sorts of images. Useful if you have stacks of data. You can read more over here.
The picture shows the hourly amount of network traffic for thousands of hosts in a large computer network for 24 hours. The different nested circles represent the subnet hierarchy of the IP addresses. Each filled circle represents a whole subnet or a single hosts. Each circle consists of 24 segments, while each colored segment visualizes the number of bytes transferred in the respective hour.
More Information and Interactive Demo on: http://ff.cx/clockmap/