This is a community portal. Sign up on the left and start posting about analytics and visualization of security data.

A student final year project

Hi

I am a final year undergrad student studying computing and information security. I am about to embark on my final year project, for which I have decided to try and create a network monitoring tool that visualizes the logs of the network traffic. I would like to point out that this is still a very young project but would like to ask for any pointers or advice.

I am currently thinking that I will build a piece of software in something like Perl that will call and run tcpdump from a server on the network. This will then log all entries to a database, or I can read from pcap files into a script which will help to display the data on a web interface from a host on the network.

I have a lot to learn but some points in the correct direction would be great... like is Perl best to use, should I dump everything into a database, or will it fall over if I chuck loads of data at it, etc ...

Your help is much appreciated.

Log Templater (Artificial Ignorance Utility)

During the last security incident that I worked on, I needed to grind through 20 GB of log files looking for any odd log lines that would indicate the point where the bad guys got in. If I had done it manually, I would still be looking at log data. Instead, I built a tool that converted logs into pattern templates and looked for templates that I had never seen before. This allowed me to zero in on just a few hundred log lines out of all the data.

Templater is a small and fast log processor that provides simple artificial ignorance capabilities. You use the tool to process past log data and store templates that represent normal log line structures. You then run the tool against current or target logs and all normal patterns are automatically ignored. The parser is fast and capable of processing millions of lines per minute. For weblogs and firewall logs, I average 9M lines per minute on a 2GHz x86 machine running *NIX. The template strategy was originally proposed by a friend of mine in 2003 who later built a tool called never before seen (NBS) which also provides artificial ignorance for arbitrary text data as well as text structures.
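The template-and-ignore approach described in the post above, as an added Python example that is not Templater's own code: each line is reduced to a structural pattern by replacing variable fields (timestamps, IPs, hex ids, numbers) with placeholders, the patterns from historical logs become the "normal" store, and only lines whose pattern is absent from that store are reported. The placeholder rules and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample data (not from the original post): yesterday's "known good"
# logs and today's logs to triage.
BASELINE_LOGS = """\
Mar  1 10:00:01 fw kernel: ACCEPT IN=eth0 SRC=10.0.0.5 DST=10.0.0.1 PROTO=TCP SPT=51234 DPT=443
Mar  1 10:00:02 fw kernel: ACCEPT IN=eth0 SRC=10.0.0.7 DST=10.0.0.1 PROTO=TCP SPT=51300 DPT=80
Mar  1 10:00:03 fw kernel: DROP IN=eth0 SRC=192.0.2.9 DST=10.0.0.1 PROTO=UDP SPT=5353 DPT=5353
Mar  1 10:00:04 fw sshd[2201]: Accepted publickey for alice from 10.0.0.5 port 51240 ssh2
"""
TARGET_LOGS = """\
Mar  2 09:12:44 fw kernel: ACCEPT IN=eth0 SRC=10.0.0.8 DST=10.0.0.1 PROTO=TCP SPT=40122 DPT=443
Mar  2 09:12:45 fw sshd[3310]: Accepted publickey for alice from 10.0.0.6 port 40130 ssh2
Mar  2 09:12:46 fw sshd[3311]: Failed password for root from 198.51.100.23 port 40444 ssh2
Mar  2 09:12:47 fw kernel: DROP IN=eth0 SRC=198.51.100.23 DST=10.0.0.1 PROTO=TCP SPT=40500 DPT=22
"""

# Ordered rewrite rules; order matters (IPs must be replaced before bare numbers).
RULES = [
    (re.compile(r"^[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}"), "<TS>"),  # syslog timestamp
    (re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b"), "<IP>"),                # IPv4 address
    (re.compile(r"\b(?:0x)?[0-9a-f]{8,}\b", re.I), "<HEX>"),            # hashes, session ids
    (re.compile(r"\b\d+\b"), "<NUM>"),                                   # any other number
]

def template(line: str) -> str:
    """Reduce one log line to its structural pattern (the 'template')."""
    for pattern, placeholder in RULES:
        line = pattern.sub(placeholder, line)
    return " ".join(line.split())  # collapse whitespace runs

def learn(lines) -> Counter:
    """Learn the set of 'normal' templates (with counts) from historical logs."""
    return Counter(template(line) for line in lines if line.strip())

def never_seen(store: Counter, lines) -> list:
    """Artificial ignorance: keep only lines whose template is not in the store."""
    return [line for line in lines if line.strip() and template(line) not in store]

if __name__ == "__main__":
    store = learn(BASELINE_LOGS.splitlines())
    print(f"learned {len(store)} templates from {sum(store.values())} lines")
    for line in never_seen(store, TARGET_LOGS.splitlines()):
        print("NEW:", line)
```

On the constructed data, the accepted connections and the alice login are ignored because their templates were seen in the baseline, while the failed root password and the dropped TCP connection to port 22 are reported as never-before-seen structures.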
New Graph Widget

I am optimizing and testing a new QtWidget I have created for force-directed graph layouts. Currently it will only utilize the CPU, but I am working on a CUDA implementation as well. When released, the widget will allow developers to place force-directed graph layouts in their Qt applications. Additionally, this will be included in a new version of inav, hopefully out soon. More images on my flickr page:
http://www.flickr.com/photos/scap1784/sets/72157627651310826/with/6168147922/
Graphical representation of the first round of the mini-AES cipher algorithm

Graphical representation of the logical OR

Graphical representation of the logical AND

3D Mesh Grid on Worldmap with Heat Map Tiles

Web based 3D malware visualization

I have created two visualizations under the scope of the GSoC 2011 Honeynet Project. The main aim was to create a 3D mesh with heat map tiles on a world map. The first visualization is a quick proof of concept, while the second one was created using the Processing visualization framework.

Please check the documentation site to get detailed information and leave me your feedback. The site also includes links to demo sites.