3D Visualization of Attack and Exploit Paths

I recently posted some new videos to Tenable’s YouTube channel about how to visualize network attack and exploit paths in 3D. The videos are located on this playlist. They make use of data from Tenable’s Nessus and the Passive Vulnerability Scanner products to identify exploitable internet-facing systems, exploitable internet-browsing clients and exploitable clients that are trusted by servers. There is also a blog post and white paper on this sort of 3D analysis on the Tenable blog.

VizSec 2012

VizSec 2012 will be held in mid-October as part of VisWeek in Seattle. When we know the exact date, we will update the web site. Papers are due July 1.

The International Symposium on Visualization for Cyber Security (VizSec) is a forum that brings together researchers and practitioners from academia, government, and industry to address the needs of the cyber security community through new and insightful visualization techniques. Co-located this year with VisWeek, the 9th VizSec will provide new opportunities for the usability and visualization communities to collaborate and share insights on a broad range of security-related topics. Accepted papers will appear in the ACM Digital Library as part of the ACM International Conference Proceedings Series.

Important research problems often lie at the intersection of disparate domains. Our focus is to explore effective, scalable visual interfaces for security domains, where visualization may provide a distinct benefit, including computer forensics, reverse engineering, insider threat detection, cryptography, privacy, preventing 'user assisted' attacks, compliance management, wireless security, secure coding, and penetration testing in addition to traditional network security. Human time and attention are precious resources. We are particularly interested in visualization and interaction techniques that effectively capture human analyst insights so that further processing may be handled by machines, freeing the analyst for other tasks. For example, a malware analyst might use a visualization system to analyze a new piece of malicious software and then facilitate generating a signature for future machine processing. When appropriate, research that incorporates multiple data sources, such as network packet captures, firewall rule sets and logs, DNS logs, web server logs, and/or intrusion detection system logs, is particularly desirable.

More information is on the web site:

http://www.ornl.gov/sci/vizsec/

Visualization of the Internet - BGP Paths visualization using Gephi + dataset available

Digging into my various BGP datasets, I decided to create a GraphViz dot file with all the unique AS paths in BGP for the Internet as of today. The dot file is available at the following location: http://www.foo.be/internet-dot/BGP-ASN-Paths-20120403.dot (! 44MB) and a quick overview of the dataset with Gephi: http://www.foo.be/internet-dot/Top-ASN-20120403.png. You can directly see the ASN 3356 (Level 3), one of the most connected providers. I used the "Radial Axis" layout, which is well suited for this kind of dataset. The internet view (from this BGP router) contains 40898 ASNs representing a majority of the ISPs on the Internet.

The dataset can be used to experiment with Gephi or other tools to handle large graphs with a lot of connections. The dataset will be updated at a regular interval. If you have any ideas, feedback... let me know.
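As an added example (not the post author's script, and not a statement about how the published dot file is laid out), this is one way to turn BGP AS paths into a deduplicated GraphViz graph and find the most connected ASN. The sample paths are constructed; treating adjacencies as undirected, collapsing prepends and dropping AS_SETs are assumptions of this sketch.

```python
from collections import defaultdict

# Constructed sample: AS_PATH strings as a BGP table dump might list them.
# All ASNs are documentation/private-use except 3356, which the post names.
SAMPLE_PATHS = [
    "64500 3356 64510",
    "64500 3356 3356 3356 64511",       # AS-path prepending
    "64500 64501 3356 64512",
    "64500 64501 64513 {64514,64515}",  # trailing AS_SET from aggregation
    "64500 3356 64510",                 # duplicate path
]

def parse_path(line):
    """Return the ordered ASN list, collapsing prepends and dropping AS_SETs."""
    hops = []
    for tok in line.split():
        if tok.startswith("{"):         # AS_SET is unordered: no edge can be inferred
            break
        asn = int(tok)
        if not hops or hops[-1] != asn:
            hops.append(asn)
    return hops

def build_graph(lines):
    """Deduplicate paths, then collect undirected AS adjacencies."""
    edges = set()
    for hops in {tuple(parse_path(l)) for l in lines}:
        for a, b in zip(hops, hops[1:]):
            edges.add((min(a, b), max(a, b)))
    return edges

def degrees(edges):
    """Count distinct neighbours per ASN."""
    deg = defaultdict(int)
    for a, b in edges:
        deg[a] += 1
        deg[b] += 1
    return dict(deg)

def to_dot(edges):
    """Emit an undirected GraphViz graph that Gephi can import."""
    body = "\n".join(f'  "AS{a}" -- "AS{b}";' for a, b in sorted(edges))
    return "graph bgp {\n" + body + "\n}\n"

if __name__ == "__main__":
    edges = build_graph(SAMPLE_PATHS)
    deg = degrees(edges)
    top = max(deg, key=deg.get)
    print(to_dot(edges))
    print(f"most connected: AS{top} ({deg[top]} neighbours)")
```

Collapsing prepends before building edges matters for this kind of dataset: without it, a prepended path produces self-loops that inflate the degree of the prepending AS.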

IEEE Network special issue on Network Visualization - Updated deadline

IEEE Network Magazine, Special Issue on Computer Network Visualization has an Extended Deadline, now May 1, 2012

Visualizing Packet Captures For Fun and Profit

I wrote a small blog post about AfterGlow and how to visualize packet captures. It gives a few examples on how packet captures can be visualized as link graphs.

I then followed up with a post on Advanced Network Graph Visualization with AfterGlow. In this post I show how you can use some extended capabilities of AfterGlow to read configuration parameters from variables and files in order to influence your network graph's colors, clustering, etc.

Curious to hear your feedback!

University's Computer Network under Attack

The picture shows attacks from the Internet to computers located at the University of Konstanz (brute force SSH attacks). The background represents the university’s network structure with computer systems as rectangles. External hosts are shown as colored circles on the outside. The splines represent the connections between attackers and computers within the network. This reveals a distributed attack originating from hundreds of hosts working together in an attempt to break into specific computer systems.

More Information on: http://ff.cx/nflowvis/

CFP: IEEE Network, Special Issue on Computer Network Visualization

Call for Papers

IEEE Network Magazine
http://dl.comsoc.org/livepubs/ni/

Special Issue on Computer Network Visualization, Nov./Dec. 2012 issue

Background

Computer networks are dynamic, growing, and continually evolving. As complexity grows, it becomes harder to effectively communicate to human decision-makers the results of methods and metrics for monitoring networks, classifying traffic, and identifying malicious or abnormal events. Network administrators and security analysts require tools that help them understand, reason about, and make decisions about the information their analytic systems produce. To this end, information visualization and visual analytics hold great promise for making the information accessible, usable, and actionable by taking advantage of the human perceptual abilities. Information visualization techniques help network administrators and security analysts to quickly recognize patterns and anomalies; visually integrate heterogeneous data sources; and provide context for critical events.

Scope

This special issue seeks original articles examining the state of the art, open issues, research results, evaluations of visualization and visual analytic tools, and future research directions in computer network visualization and visual analytics. All submissions should be written to be understandable and appealing to a general audience. Research papers should contain a substantial amount of tutorial content and minimal mathematics. Topics of interest include, but are not limited to:

* Uses of visualization for network status monitoring and situational awareness
* Visualization methods employed in the classification of network traffic and its analysis
* Visualization methods enhancing network intrusion detection and anomaly detection
* Visualization methods for the analysis of network threats (e.g. botnets)
* Visualization methods for the analysis of network routing
* Methods for integrating analytics and visualization together for network analysis tasks
* Methods for visually integrating heterogeneous data sources to support network analysis tasks
* Case studies of open source visualization tools in network analysis tasks
* Evaluations of network visualization tools in situ

Manuscript Submission

Articles should be written in a style comprehensible and appealing to readers outside the speciality of the article. Authors must follow the IEEE Network Magazine guidelines regarding the manuscript and its format. For details, please refer to the "Guidelines for manuscripts" at the IEEE Network Magazine web site at http://dl.comsoc.org/livepubs/ni/info/authors.html. Submitted papers must be original work and must not be under consideration for publication in other venues. Authors should submit their manuscripts in PDF through ScholarOne for IEEE Network Magazine. Choose this special issue from the drop down menu on the submission page. Authors uncertain about the relevance of their paper to this special issue should inquire with the guest editors before submission.

Schedule
Submissions: April 1, 2012
Author notifications: July 1, 2012
Final papers: September 1, 2012
Publication: November 2012

Guest Editors

John Goodall
Oak Ridge National Lab
jgoodall@ornl.gov

John Gerth
Stanford University
gerth@graphics.stanford.edu

Florian Mansmann
University of Konstanz
Florian.Mansmann@uni-konstanz.de

Old Security Visualization Presentations

I just uploaded a number of my old presentations, mainly on security visualization, to slideshare. The link below leads you right to them:

Security Visualization Presentations

There are presentations from a number of conferences:

  • FIT 2008
  • SUMIT 2008
  • VizSec 2008
  • HITB 2008
  • First 2007
  • DefCon 2005

And then there are still the newer presentations that have been there for a while now.

Data Visualization Resources

I teach a data analytics and visualization class every now and then. In the last section of the class I share a number of resources with the students. The Web sites are mainly blogs and generic visualization resources, not tools.

The following is the list of resources. Have your own favorite visualization resource? Add a comment!

You can also find a much longer list of non-curated links on my Delicious feed.