integrated visualization of network security metadata
play

Integrated Visualization of Network Security Metadata from - PowerPoint PPT Presentation

Sep 24, 2022 •380 likes •547 views

Integrated Visualization of Network Security Metadata from Heterogeneous Data Sources Bastian Hellmann Trust@HsH Research Group University of Applied Sciences and Arts in Hanover July 13th 2015 GraMSec 2015 Verona, Italy Bastian Hellmann

  1. Integrated Visualization of Network Security Metadata from Heterogeneous Data Sources Bastian Hellmann Trust@HsH Research Group University of Applied Sciences and Arts in Hanover July 13th 2015 GraMSec 2015 Verona, Italy Bastian Hellmann (Trust@HsH) GraMSec 2015 July 13th 2015 1 / 15

  2. Motivation Problem in Network Security Typical networks consist of various components like user endpoints, network security devices, services, . . . . Information is not shared among those components. Thus, an overview of whats going on is di ffi cult. Exemplary Use-Cases Detect combinations of failed login attempts on multiple services by the same user. Find the sources of the attack. Trace the way the attack moved in the network. React fast by shutting down accounts or locking out devices. Our Contribution Design and implement an integrated visualization, that works with data from various sources, and helps to detect and react to such attacks. Bastian Hellmann (Trust@HsH) GraMSec 2015 July 13th 2015 2 / 15

  3. Requirements Real-Time Monitoring Acquire knowledge before it is outdated → Allows for faster reactions after detection of abnormal behavior Data Integration Combine information and knowledge from arbitrary components → Allows to combine knowledge Retrospective Analysis Preserve historical course of data and provide means to navigate in time → Events that led to a specific state can be retracted Bastian Hellmann (Trust@HsH) GraMSec 2015 July 13th 2015 3 / 15

  4. Integration of Data Sources Types of data interesting for network security Physical and logical topology Configuration of devices & services State Behavior Our approach Use IF-MAP protocol as the foundation ( → next slides) Bastian Hellmann (Trust@HsH) GraMSec 2015 July 13th 2015 4 / 15

  5. Interface for Metadata Access Points (IF-MAP) What is it? Open specification by the Trusted Computing Group Goal: allow exchanging information between arbitrary network components Data is defined in an extensible way and not bound to a domain Bastian Hellmann (Trust@HsH) GraMSec 2015 July 13th 2015 5 / 15

  6. Proposed Architecture Analysis Visualization Data Processing Persistence MAP-Server IF-MAP Log fi le / Syslog IO-Framework NAC / VPN Flow Controller (N)IDS Collectors and Controllers Bastian Hellmann (Trust@HsH) GraMSec 2015 July 13th 2015 6 / 15

  7. Application and Persistence Level Concepts Enhancements to IF-MAP Persistence of IF-MAP data, as the MAP server only holds the current state Continuous recording Preserve the changes (not only snapshots) as the MAP server receives them State and change queries Allow to query for snapshots , i.e. the complete graph at a given time Allow to query for the changes (delta) between two timestamps Bastian Hellmann (Trust@HsH) GraMSec 2015 July 13th 2015 7 / 15

  8. Visualization Requirements and Concepts I Representing the data model IF-MAP forms a graph with nodes (identifier) and edges (links) and information attached to them Thus can be rendered with standard graph rendering techniques and layouts Publisher distinction The source (i.e. the MAP client measuring the data) of metadata needs to be transparent to the user Use the IF-MAP publisher-id to distinct between metadata from di ff erent clients (e.g. by coloring) Bastian Hellmann (Trust@HsH) GraMSec 2015 July 13th 2015 8 / 15

  9. Visualization Requirements and Concepts II History navigation Navigation via three modes: live view , history view , delta view Selection of timestamps via slider and/or forward-backward-buttons Search Functionality and Filtering Allow the user to search or filter the graph data, to pinpoint a single node or a selection of nodes with similar features Search results can either be highlighted or colored di ff erently as non-matching nodes Non-matching nodes also can be shown translucent, to retain the overall structure Bastian Hellmann (Trust@HsH) GraMSec 2015 July 13th 2015 9 / 15

  10. VisITMeta Application General information Research project, funded by German Ministry for Research and Education Released as open-source software 1 Implementation of all previous concepts O ff ers additional features like motion control (LeapMotion) 1 https://github.com/trustathsh/visitmeta Bastian Hellmann (Trust@HsH) GraMSec 2015 July 13th 2015 10 / 15

  11. Screenshot (v0.4.2) Bastian Hellmann (Trust@HsH) GraMSec 2015 July 13th 2015 11 / 15

  12. Specifics of IF-MAP Visualization Characteristics of IF-MAP graphs Two kinds of nodes: Identifier and Metadata Can and should be handled di ff erently when calculating layouts Example: Adapted Bipartite Layout Identifier in columns 2 and 4, Metadata in columns 1, 3 and 5 Emphasizes the di ff erence between link and single metadata Bastian Hellmann (Trust@HsH) GraMSec 2015 July 13th 2015 12 / 15

  13. Results Homogenization IF-MAP used for acquisition and homogenization of di ff erent data sources Components need only be enabled to publish IF-MAP information Data context Implicit connection of di ff erent data like network addresses, user credentials, services and high-level events Interoperability VisITMeta as a software is usable in every IF-MAP-based environment as it uses standard mechanisms to fetch the data Many MAP clients and thus a good amount of data sources already available Continuous recording and retrospective analysis Changes are persisted as they are processed by the MAP server They can then be reconstructed step by step Bastian Hellmann (Trust@HsH) GraMSec 2015 July 13th 2015 13 / 15

  14. Indentified Challenges Visual Scalability Big graphs get cluttered really quick Techniques to reduce the size of the graph have to be added, like Level of Detail Visual dynamics Frequent changes in the network lead to many changes in the visualization E.g. do not show low-level data and concentrate instead on high-level abstractions Recording of all data Mechanism to fetch data from the MAP server has a shortcoming implied from IF-MAP itself: only connected graphs can be observed via a subscription IF-MAP does not o ff er a mechanism to get to know if there are new and disconnected graphs. Bastian Hellmann (Trust@HsH) GraMSec 2015 July 13th 2015 14 / 15

  15. Conclusion Summary Requirements for data integration including model and requirements for visualizing the data IF-MAP as foundation Graph-based visualization with regards to IF-MAP structure Features like history navigation and filtering Future Work Address the identified challenges Using data persistence for analysis Bastian Hellmann (Trust@HsH) GraMSec 2015 July 13th 2015 15 / 15

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Ad Hoc Network Visualization Module Name: Tactical Network Visualization with VisualCyberVAN

Ad Hoc Network Visualization Module Name: Tactical Network Visualization with VisualCyberVAN

CMPSC 597G Ad Hoc Network Visualization Module Name: Tactical Network Visualization with VisualCyberVAN with VisualCyberVAN Professor Patrick McDaniel Joshua Crafts Fall 2015 The Ontology of Network Security The overall objective of the

343 views • 21 slides
Pentest Accountability By Analyzing Network Traffic & Network Traffic Metadata RP1

Pentest Accountability By Analyzing Network Traffic & Network Traffic Metadata RP1

Pentest Accountability By Analyzing Network Traffic & Network Traffic Metadata RP1 Presentation By Henk van Doorn & Marko Spithoff Relevance Security Audits Company Detects (Attempted) Breach Accountability Of Actions 2

337 views • 22 slides
Security Visualization Tim Vidas & Hanan Hibshi UPS 2011 1 Visualization Visualization can

Security Visualization Tim Vidas & Hanan Hibshi UPS 2011 1 Visualization Visualization can

Security Visualization Tim Vidas & Hanan Hibshi UPS 2011 1 Visualization Visualization can Visualization can be startling, Still impressed by Visualization can be reveal previously It can stop crowds! the visualization... Impressive!

1.05k views • 36 slides
What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

Network security Network security Foundations: what is security? cryptography Network Security Network Security authentication message integrity key distribution and certification Security in practice: Srinidhi Varadarajan

332 views • 6 slides
Security Contacts in SAML Metadata Jim Basney jbasney@ncsa.illinois.edu Topics About

Security Contacts in SAML Metadata Jim Basney jbasney@ncsa.illinois.edu Topics About

Security Contacts in SAML Metadata Jim Basney jbasney@ncsa.illinois.edu Topics About InCommon Federated security incident response Security contacts in metadata Metadata integrity Examples and statistics Open questions

463 views • 12 slides
Network Security Visualization Genevieve Max & Keith Fligg April 22, 2012 Attack Scenario

Network Security Visualization Genevieve Max & Keith Fligg April 22, 2012 Attack Scenario

Network Security Visualization Genevieve Max & Keith Fligg April 22, 2012 Attack Scenario Gather Raw Network Data 0101010101011101010 1010010101110010101 0011010101011100010 Network 0010100010101110001 OS 0111011010001010101

1.18k views • 45 slides
Network Security Network Security Srinidhi Varadarajan Network security Network security

Network Security Network Security Srinidhi Varadarajan Network security Network security

Network Security Network Security Srinidhi Varadarajan Network security Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice:

634 views • 36 slides
Visualization at LLNL April 22, 2014 Richard Cook Information Management, Graphics and Security

Visualization at LLNL April 22, 2014 Richard Cook Information Management, Graphics and Security

Performance Measures x.x, x.x, and x.x Visualization at LLNL April 22, 2014 Richard Cook Information Management, Graphics and Security Group Integrated Computing and Communications Department Lawrence Livermore National Laboratory This

518 views • 16 slides
Integrated Security Curriculum Conceptions of SECURITY RISK THREATS TECH VALUES The Big

Integrated Security Curriculum Conceptions of SECURITY RISK THREATS TECH VALUES The Big

5/18/2017 Integrated Security Curriculum Conceptions of SECURITY RISK THREATS TECH VALUES The Big Picture: Integrated Security Pathways Cyber Security ISERC Student portal National Security Studies CAPSTONE: Gateway course Peace Studies

298 views • 3 slides
Beyond networks: Incorporating node metadata into network analysis Leto Peel Universit

Beyond networks: Incorporating node metadata into network analysis Leto Peel Universit

Beyond networks: Incorporating node metadata into network analysis Leto Peel Universit catholique de Louvain @PiratePeel Here is a network G=(V,E) social networks food webs internet protein interactions Network nodes can have properties or

834 views • 36 slides
Economics of network security Harald Vranken 1 Economics of network security Note that

Economics of network security Harald Vranken 1 Economics of network security Note that

Advanced Network Security (2019-2020) Economics of network security Harald Vranken 1 Economics of network security Note that network in this lecture means Physical communication network (eg. Internet, telephony, fax, telegraph)

769 views • 49 slides
Intro, history, hacking Network Security Lecture 1 Welcome to Network Security Should be able

Intro, history, hacking Network Security Lecture 1 Welcome to Network Security Should be able

Intro, history, hacking Network Security Lecture 1 Welcome to Network Security Should be able to Skills identify design and Ability to analyze the implementation security of networked vulnerabilities in network systems protocols

564 views • 33 slides
1 Current Security Monitoring Current Network Monitoring Visualization Humans learn visually

1 Current Security Monitoring Current Network Monitoring Visualization Humans learn visually

Overview The Thin Blue Line: Security SysAdmins Current state of Internet Security Better Tools for System Administration: all metrics show bad -> worse unpatched software vulnerabilities Enhancing the Human-Computer

583 views • 6 slides
Among the blind, the squinter rules. Security visualization in the field About me Wim Remes

Among the blind, the squinter rules. Security visualization in the field About me Wim Remes

Among the blind, the squinter rules. Security visualization in the field About me Wim Remes .Ernst and Young Belgium (ITRA FSO) .Incident Response/Analysis .Security Monitoring (SIEM) .Security Management .Eurotrash podcast .InfosecMentors

768 views • 52 slides
S O C I A L NETWORK ANALYSIS CURRENT VISUALIZATION PROBLEMS Flat network structure and a Poor

S O C I A L NETWORK ANALYSIS CURRENT VISUALIZATION PROBLEMS Flat network structure and a Poor

AN EXPLORATION BASED APPROACH TO S O C I A L NETWORK ANALYSIS CURRENT VISUALIZATION PROBLEMS Flat network structure and a Poor organization leads Network presentation can lead lack of focus lead to a shallow to overwhelming network to

151 views • 11 slides
Seeing Further: Extending Seeing Further: Extending Visualization as a Basis for Visualization

Seeing Further: Extending Seeing Further: Extending Visualization as a Basis for Visualization

Seeing Further: Extending Seeing Further: Extending Visualization as a Basis for Visualization as a Basis for Usable Security Usable Security Jennifer Rode, Carolina Johansson , Paul DiGioia, Roberto Silva Filho, Jennifer Rode,

327 views • 30 slides
Calibration and Pricing with the LGM Model HSH NORDBANK Dr. Werner Krzinger Dsseldorf,

Calibration and Pricing with the LGM Model HSH NORDBANK Dr. Werner Krzinger Dsseldorf,

ASPECTS OF PRICING IRREGULAR SWAPTIONS WITH QUANTLIB Calibration and Pricing with the LGM Model HSH NORDBANK Dr. Werner Krzinger Dsseldorf, November 30th, 2017 HSH-NORDBANK.DE Disclaimer The content of this presentation reflects the

922 views • 28 slides
UNCERTAIN VOLATILITY MODEL Solving the Black Scholes Barenblatt Equation with the method of lines

UNCERTAIN VOLATILITY MODEL Solving the Black Scholes Barenblatt Equation with the method of lines

UNCERTAIN VOLATILITY MODEL Solving the Black Scholes Barenblatt Equation with the method of lines GRM Bernd Lewerenz Qlum 30.11.2017 Uncertain Volatility Model In 1973 Black, Scholes and Merton published there Option Pricing Model which

653 views • 19 slides
HSH Non-Profit Provider Conference December 2018 Pr ogr am L e ads Se ssion http:/ /

HSH Non-Profit Provider Conference December 2018 Pr ogr am L e ads Se ssion http:/ /

HSH Non-Profit Provider Conference December 2018 Pr ogr am L e ads Se ssion http:/ / hsh.sfgov.or g/ Intr oduc tions 3 Who is in the ro o m? Me e t two pe o ple yo u do n t kno w Wha t s o ne thing yo u a re wo rking o

715 views • 29 slides
Paper good practice Sensors ARVOR-PROVOR technical Workshop, Brest, 28.30. Jan. 2020

Paper good practice Sensors ARVOR-PROVOR technical Workshop, Brest, 28.30. Jan. 2020

BGC-Argo good practice paper Sensors Henry Bittig, 29. Jan. 2020 Paper good practice Sensors ARVOR-PROVOR technical Workshop, Brest, 28.30. Jan. 2020 BGC-Argo good practice paper Sensors Henry Bittig, 29. Jan. 2020 1. Sensor

356 views • 14 slides
Is Haskell ready for everyday computing? An informal experience report. Jeff Polakow CUFP 2008

Is Haskell ready for everyday computing? An informal experience report. Jeff Polakow CUFP 2008

Is Haskell ready for everyday computing? An informal experience report. Jeff Polakow CUFP 2008 Talk Overview My background Job background System description Points of interest Conclusions About Me Theoretical PL

426 views • 15 slides
Proof Search in Minimal Logic Helmut Schwichtenberg Mathematisches Institut, Universit at M

Proof Search in Minimal Logic Helmut Schwichtenberg Mathematisches Institut, Universit at M

Proof Search in Minimal Logic Helmut Schwichtenberg Mathematisches Institut, Universit at M unchen 1 Motivation Proof carrying code (Lee, Necula) Why? Proofs are machine checkable (easily) Here: code carrying proofs Prospects:

541 views • 36 slides
Well-balanced DG scheme for Euler equations with gravity Praveen Chandrashekar

Well-balanced DG scheme for Euler equations with gravity Praveen Chandrashekar

Well-balanced DG scheme for Euler equations with gravity Praveen Chandrashekar praveen@tifrbng.res.in Center for Applicable Mathematics Tata Institute of Fundamental Research Bangalore 560065 Higher Order Numerical Methods for Evolutionary

729 views • 55 slides
STAN Current State and Future Work Scalable Hardware-Aided Trusted Data Management Nico

STAN Current State and Future Work Scalable Hardware-Aided Trusted Data Management Nico

STAN Current State and Future Work Scalable Hardware-Aided Trusted Data Management Nico Weichbrodt, 2019-09-03/04 Moving Databases to the Cloud Everyone moves to the cloud Higher scalability and availability But: no trust in the cloud

502 views • 15 slides

More recommend