This is where you can start discussions around security visualization topics.

NOTE: If you want to submit an image, post it in the graph exchange library!

You might also want to consider posting your question or comment on the SecViz Mailinglist!

Discussion Entries

warning: Creating default object from empty value in /usr/www/users/zrlram/secviz/modules/taxonomy/taxonomy.module on line 1387.

Housekeeping - Comments to entries

I have made a minor change with regards to letting people post comments to discussion entries. It used to be the case that anyone was able to post comments on the site. Unfortunately that meant that I got spammed quite badly. I realized that I had a huge approval queue for comments. I went through some of them and published them. Sorry if I deleted a comment of yours. Please repost if your comment got lost.

From now on, new comments can only be posted when logged in. Sorry for the inconvenience, but this should help a lot to make discussions more interactive through the comments.

Thanks for everybody that commented on broken links and such. I hope I fixed everything at this point. As always, if you have any input for the site, please let me know. Either by sending me an email or posting something here. Thx!

SecViz now has a Twitter feed

Follow SecViz on the brand new twitter feed: @SecViz.


Security Visualization Workshop in Hong Kong

As part of the ISSummit in Hong Kong, I will be teaching a one day workshop on security visualization. The following is the abstract of the training:

As networks become ever more complex, securing them becomes more and more difficult. The solution is visualization. Using today's state-of-the-art data visualization techniques, you can gain a far deeper understanding of what's happening on your network right now. You can uncover hidden patterns of data, identify emerging vulnerabilities and attacks, and respond decisively with countermeasures that are far more likely to succeed than conventional methods. The attendees will get an overview of visualization, data sources for IT security, and learn how to generate visual representations of IT data. The training is filled with hands-on exercises.

The talk is going over the following individual topics:

  1. Section 1:Visualization
    Visualization is the core topic of this training. The first section introduces some basic visualization concepts and graph design principles that help generate visually effective graphs.

  2. Section 2:Data Sources
    Visualization cannot exist without data. This section discusses a variety of data sources relevant to computer security. I show what type of data the various devices generate, show how to parse the data, and then discuss some of the problems associated with each of the data sources.

  3. Section 3:Visually Representing Data
    Data can be visualized in many different ways. This section takes a closer look at various forms of visualizations. It first discusses generic graph properties and how they can help encode information. It then delves into a discussion of specific visualizations, such as charts, box plots, parallel coordinates, links graphs, and treemaps. The section ends with a discussion of how to choose the right graph for the data visualization problem at hand.

  4. Section 4: Data Visualization Tools
    After a short introduction to different data formats used by visualization tools, this section then discusses visualization to
    ols and libraries. Based on the Data Visualization and Analysis UNIX (DAVIX) distribution I show how simple it is to generate
    visual representations of IT data.

  5. Section 5: Perimeter Threat
    This section is a collection of use-cases. It starts out with a discussion of use-cases involving traffic-flow analysis. Everything from detecting worms to isolating denial-of-service attacks and monitoring traffic-based policies is covered. The use-cases are then extended to firewall logs, where a large firewall ruleset is analyzed first. In a second part, firewall logs are used to assess the ruleset to find potential misconfigurations or security holes. Intrusion detection signature tuning is the next two use-case. The remainder of the section looks at application layer data. Email server logs are analyzed to find open relays and identify email-based attacks. The section closes with a discussion of visualizing vulnerability scan data.

Should you be in Hong Kong on November 20th, come check out the training. Should you miss it, I will be teaching a two day workshop at SourceBoston, Boston in March 2009.

DAVIX - Welcome

Welcome to DAVIX

Congratulations, you successfully started DAVIX and connected to the Internet.

If you have an account on SeViz already, please sign in on the left side. If you do not have an account yet, please sign up for an account so we can keep you informed of new versions of DAVIX and new and cool things coming up.

New Account information
Your preferred username; punctuation is not allowed except for periods, hyphens, and underscores.
A valid e-mail address. All e-mails from the system will be sent to this address. The e-mail address is not made public and will only be used if you wish to receive a new password or wish to receive certain news or notifications by e-mail.
Indicate whether you are a user of DAVIX, a live CD for data analysis and visualization.

Video Interview for Applied Security Visualization

I recorded a short, 10 minute video where I am interviewed by Johnvey Hwang about the Applied Security Visualization book. We are talking about why I wrote the book, what the book is about, and also quickly talk about DAVIX. Tune in.


Skyrails 3D OpenGL visualisation

Skyrails is a social network (or any graph really) visualization system. It has a built in programming language for processing (as far as visualisation attributes goes) the graph and its attributes. The system is not only aimed at expert users though, because through the scripting languages menus can be built and the system can be used by any users.

The main distinguishing point of the system comes from the built in scripting language, the added flexibility of how to represent attributes (nodes can be binded to planes and spheres based on their attributes) and the scriptability of the user interface system. This makes skyrails ideal for creating presentations targeted at the average users.


skyrails in action:

DAVIX Workshop Slides from DefCon 2008

For those who are interested, here are the slides from the DAVIX workshop that Jan Monsch and Raffael Marty taught at DefCon 2008 in Vegas. The content is as follows:

  • What's DAVIX all about? Architecture of the CD, etc.

  • Very short introduction to Visualization

  • An example analysis, how to detect worms in cell phone networks

Learn more about DAVIX.

Newbie help request

Could I possibly get a little help with getting the afterglow / neato tools usefully working. have 291 lines of data and for the life of me the graphs I'm generating are quite poor.

I am not a Perl programmer but have managed to get cygwin working and afterglow & neato working.
using this sample set of the 291 I can get the two diagrams I have attached, but I would dearly like some advise how to generate a more representative image.

If this forum is inappropriate for a little mentoring then please advise / delete as appropriate.

With kind regards,

DAVIX 1.0.1 Released

After months of building and testing, the long anticipated release of DAVIX - The Data Analysis & Visualization Linux® - arrived last week during Blackhat/DEFCON in Las Vegas. It is a very exiting moment for us and we are curious to see how the product is received by audience. So far the ISO image has been downloaded at least 600 times from our main distribution server. Downloads from the mirrors are not accounted.

All those eager to get their hands dirty immediately can find a description as well as the download links for the DAVIX ISO image on the DAVIX homepage.

We wish you happy visualizing!

Kind regards