network security visualization
play

Network Security Visualization Genevieve Max & Keith Fligg - PowerPoint PPT Presentation

Oct 22, 2022 •708 likes •1.18k views

Network Security Visualization Genevieve Max & Keith Fligg April 22, 2012 Attack Scenario Gather Raw Network Data 0101010101011101010 1010010101110010101 0011010101011100010 Network 0010100010101110001 OS 0111011010001010101

  1. Network Security Visualization Genevieve Max & Keith Fligg April 22, 2012

  2. Attack Scenario Gather Raw Network Data 0101010101011101010 1010010101110010101 0011010101011100010 Network 0010100010101110001 OS 0111011010001010101 1111000101110010001 Attacker Apps 0011000111010101010 1010111010101010010 1011100101010011010 Firewall and Router 1010111000100010100 Visualization Fix Vulnerabilities

  3. Three Ws of Tool Design 1 Where in the network is the attack happening?

  4. Three Ws of Tool Design 1 Where in the network is the attack happening? 2 When is the attack happening?

  5. Three Ws of Tool Design 1 Where in the network is the attack happening? 2 When is the attack happening? 3 What type of attack is happening?

  6. Visualization Answering Three Ws

  7. Firewall Log

  8. Port Scan: Processed Log Files (psad)

  9. Port Scan: Visualization

  10. Circular Visualization

  11. Pre-Attentive Objects 1 Color

  12. Pre-Attentive Objects 1 Color 2 Position

  13. Pre-Attentive Objects 1 Color 2 Position 3 Form

  14. Pre-Attentive Objects 1 Color 2 Position 3 Form 4 Motion

  15. Pre-Attentive: Color

  16. Visualization Applying Color

  17. Pre-Attentive: Postion

  18. Visualization Applying Position

  19. Pre-Attentive: Form - Shape

  20. Visualization Applying Shape

  21. Pre-Attentive: Form - Size

  22. Visualization Applying Size

  23. Pre-Attentive: Form - Orientation

  24. Visualization using Orientation Incidents Employee.Hours Personnel Cost

  25. Pre-Attentive: Form - Enclosure

  26. Visualization using Enclosure

  27. Visualization Techniques 1 No serial parsing

  28. Visualization Techniques 1 No serial parsing 2 Minimize the Number of Types Of Objects

  29. Visualization Techniques 1 No serial parsing 2 Minimize the Number of Types Of Objects 3 Minimize Non-data Ink/Pixels

  30. No Serial Parsing 30913646251849 50018364527489 40392726584019 18127365859202

  31. No Serial Parsing 30913646251849 50018364527489 40392726584019 18127365859202 VS 30913646251849 50018364527489 40392726584019 18127365859202

  32. Visualization Applying No Serial Parsing

  33. Minimize the Number of Types Of Objects

  34. Minimize the Number of Types Of Objects VS

  35. Visualization Applying Minimum Objects Target Source Event (a) Link graph nomenclature. 21 21 213.3.104.65 213.3.104.65 111.222.195.59 111.222.195.59 217.162.11.45 80 217.162.11.45 80 (b) Destination port, source address, and destination address. (c) Destination port, destination address, and source address.

  36. Minimize Non-data Ink/Pixels # of Packets 5.75 5 4.5 4 3 2.5 2.5 2.25 Time

  37. Minimize Non-data Ink/Pixels # of Packets 5.75 5 4.5 4 3 2.5 2.5 2.25 Time VS # of Packets Time

  38. Visualization Applying Non-data Ink/Pixels

  39. Parallel Plots 65,535 255.255.255.255 65,535 255.255.255.255 42,424 192.168.2.1 130.2.5.42 777 0.0.0.0 0 0 0.0.0.0 TCP source port TCP dest port Dest IP addr Source IP addr

  40. Animated Parallel Plots TCP source port TCP destination port TCP source port TCP destination port Packet Packet Packet Packet

  41. Link graphs: nomenclature Target Source Event

  42. Link graphs: hidden information 21 213.3.104.65 21 213.3.104.65 111.222.195.59 111.222.195.59 217.162.11.45 80 217.162.11.45 80

  43. Demo Network Visualization Tool Demo

  44. References [1] Robert Ball, Glenn A. Fink, and Chris North. Home-centric visualization of network traffic for security administration. In In VizSEC/DMSEC 04: Proceedings of the 2004 ACM workshop on Visualization and, pages 5564. ACM Press, 2004. [2] Ryan Blue, Cody Dunne, Adam Fuchs, Kyle King, and Aaron Schulman. Visualizing real-time network resource usage. In Proceedings of the 5th international workshop on Visualization for Computer Security, VizSec 08, pages 119135, Berlin, Heidelberg, 2008. Springer-Verlag. [3] Bill Cheswick, Hal Burch, and Steve Branigan. Mapping and visualizing the internet. In Proceedings of the annual conference on USENIX Annual Technical Conference, ATEC 00, pages 11, Berkeley, CA, USA, 2000. USENIX Association. [4] Greg Conti. Security Data Visualization: Graphical Techniques for Network Analysis. No Starch Press, 2007. [5] Anita D. DAmico and K. Whitley. The real work of computer network defense analysts. In Goodall et al. [8], pages 1937. [6] Stefano Foresti, Jim Agutter, Yarden Livnat, Shaun Moon, and Robert Erbacher. Visual correlation of network alerts. In IEEE Computer Graphics and Applications, pages 4859. IEEE, 2006. [7] J. R. Goodall. Introduction to visualization for computer security. In John R. Goodall, Gregory Conti, and Kwan-Liu Ma, editors, VizSEC 2007, Mathematics and Visualization, pages 117. Springer Berlin Heidelberg, 2008. 10.1007/978-3-540-78243-8 1. [8] John R. Goodall, Gregory J. Conti, and Kwan-Liu Ma, editors. VizSEC 2007, Proceedings of the Workshop on Visualization for Computer Security, Sacramento, California, USA, October 29, 2007, Mathematics and Visualization. Springer, 2008. [9] Ivan Herman, Guy Melancon, and M. Scott Marshall. Graph visualization and navigation in information visualization: A survey. IEEE Transactions on Visualization and Computer Graphics, 6:2443, January 2000. [10] Noah Iliinsky Julie Steele. Beautiful Visualization. OReilly Media, Inc., 2010. [11] Noah Iliinsky Julie Steele. Designing Data Visualizations. OReilly Media, Inc., 2011. [12] A. Komlodi, P. Rheingans, Utkarsha Ayachit, J.R. Goodall, and Amit Joshi. A user-centered look at glyph-based security visualization. In Visualization for Computer Security, 2005. (VizSEC 05). IEEE Workshop on, pages 21 28, oct. 2005.

  45. References cont. [13] Kiran Lakkaraju, William Yurcik, and Adam J. Lee. Nvisionip: netflow visualizations of system state for security situational awareness. In Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security, VizSEC/DMSEC 04, pages 6572, New York, NY, USA, 2004. ACM. [14] C.P. Lee, J. Trost, N. Gibbs, Raheem Beyah, and J.A. Copeland. Visual firewall: real-time network security monitor. In Visualization for Computer Security, 2005. (VizSEC 05). IEEE Workshop on, pages 129 136, oct. 2005. [15] Yarden Livnat, Jim Agutter, Shaun Moon, Robert F. Erbacher, and Stefano Foresti. A vi- sualization paradigm for network intrusion detection. In In Proceedings of the 2005 IEEE Workshop on Information Assurance And Security, pages 9299. IEEE, 2005. [16] Raffael Marty. Applied Security Visualization. Addison-Wesley Professional, 2008. [17] Jonathan McPherson, Kwan-Liu Ma, Paul Krystosk, Tony Bartoletti, and Marvin Christensen. Portvis: a tool for port-based detection of security events. In Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security, VizSEC/DMSEC 04, pages 7381, New York, NY, USA, 2004. ACM. [18] Toby Segaran. Programming Collective Intelligence. OReilly Media, Inc., 2007. [19] Colin Ware. Information Visualization: Perception for Design. Morgan Kaufmann Publishers, 2004. [20] Christopher D. Wickens, Diane L. Sandry, and Michael Vidulich. Compatibility and resource competition between modalities of input, central processing, and output. Human Factors: The Journal of the Human Factors and Ergonomics Society, 25(2):227248, 1983.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Ad Hoc Network Visualization Module Name: Tactical Network Visualization with VisualCyberVAN

Ad Hoc Network Visualization Module Name: Tactical Network Visualization with VisualCyberVAN

CMPSC 597G Ad Hoc Network Visualization Module Name: Tactical Network Visualization with VisualCyberVAN with VisualCyberVAN Professor Patrick McDaniel Joshua Crafts Fall 2015 The Ontology of Network Security The overall objective of the

343 views • 21 slides
Security Visualization Tim Vidas & Hanan Hibshi UPS 2011 1 Visualization Visualization can

Security Visualization Tim Vidas & Hanan Hibshi UPS 2011 1 Visualization Visualization can

Security Visualization Tim Vidas & Hanan Hibshi UPS 2011 1 Visualization Visualization can Visualization can be startling, Still impressed by Visualization can be reveal previously It can stop crowds! the visualization... Impressive!

1.05k views • 36 slides
What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

Network security Network security Foundations: what is security? cryptography Network Security Network Security authentication message integrity key distribution and certification Security in practice: Srinidhi Varadarajan

332 views • 6 slides
Network Security Network Security Srinidhi Varadarajan Network security Network security

Network Security Network Security Srinidhi Varadarajan Network security Network security

Network Security Network Security Srinidhi Varadarajan Network security Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice:

634 views • 36 slides
Integrated Visualization of Network Security Metadata from Heterogeneous Data Sources Bastian

Integrated Visualization of Network Security Metadata from Heterogeneous Data Sources Bastian

Integrated Visualization of Network Security Metadata from Heterogeneous Data Sources Bastian Hellmann Trust@HsH Research Group University of Applied Sciences and Arts in Hanover July 13th 2015 GraMSec 2015 Verona, Italy Bastian Hellmann

547 views • 15 slides
Economics of network security Harald Vranken 1 Economics of network security Note that

Economics of network security Harald Vranken 1 Economics of network security Note that

Advanced Network Security (2019-2020) Economics of network security Harald Vranken 1 Economics of network security Note that network in this lecture means Physical communication network (eg. Internet, telephony, fax, telegraph)

769 views • 49 slides
Intro, history, hacking Network Security Lecture 1 Welcome to Network Security Should be able

Intro, history, hacking Network Security Lecture 1 Welcome to Network Security Should be able

Intro, history, hacking Network Security Lecture 1 Welcome to Network Security Should be able to Skills identify design and Ability to analyze the implementation security of networked vulnerabilities in network systems protocols

564 views • 33 slides
1 Current Security Monitoring Current Network Monitoring Visualization Humans learn visually

1 Current Security Monitoring Current Network Monitoring Visualization Humans learn visually

Overview The Thin Blue Line: Security SysAdmins Current state of Internet Security Better Tools for System Administration: all metrics show bad -> worse unpatched software vulnerabilities Enhancing the Human-Computer

583 views • 6 slides
Among the blind, the squinter rules. Security visualization in the field About me Wim Remes

Among the blind, the squinter rules. Security visualization in the field About me Wim Remes

Among the blind, the squinter rules. Security visualization in the field About me Wim Remes .Ernst and Young Belgium (ITRA FSO) .Incident Response/Analysis .Security Monitoring (SIEM) .Security Management .Eurotrash podcast .InfosecMentors

768 views • 52 slides
S O C I A L NETWORK ANALYSIS CURRENT VISUALIZATION PROBLEMS Flat network structure and a Poor

S O C I A L NETWORK ANALYSIS CURRENT VISUALIZATION PROBLEMS Flat network structure and a Poor

AN EXPLORATION BASED APPROACH TO S O C I A L NETWORK ANALYSIS CURRENT VISUALIZATION PROBLEMS Flat network structure and a Poor organization leads Network presentation can lead lack of focus lead to a shallow to overwhelming network to

151 views • 11 slides
Seeing Further: Extending Seeing Further: Extending Visualization as a Basis for Visualization

Seeing Further: Extending Seeing Further: Extending Visualization as a Basis for Visualization

Seeing Further: Extending Seeing Further: Extending Visualization as a Basis for Visualization as a Basis for Usable Security Usable Security Jennifer Rode, Carolina Johansson , Paul DiGioia, Roberto Silva Filho, Jennifer Rode,

327 views • 30 slides
Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn Black J CSCI 6268/TLEN 5831, Fall 2004 Introduction UC Davis PhD in 2000 Cryptography Interested in broader security as well

492 views • 12 slides
Network Security Where we are in the Course Security crosses all layers Application

Network Security Where we are in the Course Security crosses all layers Application

Network Security Where we are in the Course Security crosses all layers Application Transport Network Link Physical CSE 461 University of Washington 2 Security Threats Security is like performance Means many things

374 views • 13 slides
Network Security Where we are in the Course Security crosses all layers Applicatjon

Network Security Where we are in the Course Security crosses all layers Applicatjon

Network Security Where we are in the Course Security crosses all layers Applicatjon Transport Network Link Physical CSE 461 University of Washington 2 Security Threats Security is like performance Means many things

1.12k views • 92 slides
Network Security Where we are in the Course Security crosses all layers Application

Network Security Where we are in the Course Security crosses all layers Application

Network Security Where we are in the Course Security crosses all layers Application Transport Network Link Physical CSE 461 University of Washington 2 Security Threats Security is like performance Means many things

932 views • 55 slides
Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University of Michigan 2013 Network Security Fundamentals Module 3 Network Protocol Attacks Roadmap Network security The basic objectives: CIA

1.68k views • 39 slides
Evaluating Performance of Burst Buffer Models for Real-Application Workloads in HPC Systems

Evaluating Performance of Burst Buffer Models for Real-Application Workloads in HPC Systems

Evaluating Performance of Burst Buffer Models for Real-Application Workloads in HPC Systems Harsh Khetawat Frank Mueller Christopher Zimmer Introduction Existing storage systems becoming bottleneck Solution: burst buffers Use

426 views • 6 slides
Artifactory High Availability By Rajesh Kumar From version 3.1, Artifactory supports a High

Artifactory High Availability By Rajesh Kumar From version 3.1, Artifactory supports a High

Artifactory High Availability By Rajesh Kumar From version 3.1, Artifactory supports a High Availability network configuration with a cluster of 2 or more, active/active, read/write Artifactory servers on the same Local Area Network (LAN).

446 views • 11 slides
Convolutional Neural Networks Lecturer: Barnabas Poczos Disclaimer : These notes have not been

Convolutional Neural Networks Lecturer: Barnabas Poczos Disclaimer : These notes have not been

Introduction to Machine Learning (Lecture Notes) Convolutional Neural Networks Lecturer: Barnabas Poczos Disclaimer : These notes have not been subjected to the usual scrutiny reserved for formal publications. They may be distributed outside this

183 views • 5 slides
A quick review The clustering problem: partition genes into distinct sets with high

A quick review The clustering problem: partition genes into distinct sets with high

A quick review The clustering problem: partition genes into distinct sets with high homogeneity and high separation Hierarchical clustering algorithm: 1. Assign each object to a separate cluster. 2. Regroup the pair of clusters

704 views • 43 slides
Visualizing Network Traffic with Wireshark TROUBLESHOOTING WITH THE I/O GRAPH Chris Greer

Visualizing Network Traffic with Wireshark TROUBLESHOOTING WITH THE I/O GRAPH Chris Greer

Visualizing Network Traffic with Wireshark TROUBLESHOOTING WITH THE I/O GRAPH Chris Greer NETWORK ANALYST @packetpioneer www.packetpioneer.com Why So Important? James Packets can be very detailed Network Engineer Visualizing Traffic

221 views • 11 slides
SI SIMULATION DESI SIGN AND ANALYSI SIS S OF ENERGY- EF EFFICIEN ENT DATA A RED REDISTRI

SI SIMULATION DESI SIGN AND ANALYSI SIS S OF ENERGY- EF EFFICIEN ENT DATA A RED REDISTRI

SI SIMULATION DESI SIGN AND ANALYSI SIS S OF ENERGY- EF EFFICIEN ENT DATA A RED REDISTRI RIBUTION IN SELF ELFISH BAS ASE E ST STATION-LESS SS SE SENSO SOR NETWORKS Andre Chen October 26, 2018 Ov Overview Problem description

625 views • 45 slides
Computational Issues in Simple and Influence Games Maria Serna Fall 2016 AGT-MIRI Cooperative

Computational Issues in Simple and Influence Games Maria Serna Fall 2016 AGT-MIRI Cooperative

Contents Definitions, games and problems IsStrong and IsProper IsWeighted IsInfluence Computational Issues in Simple and Influence Games Maria Serna Fall 2016 AGT-MIRI Cooperative Game Theory Contents Definitions, games and problems

1.7k views • 145 slides
HOW TO MAKE AN IMPACT IN THE FIRST 180 DAYS Presented by Davinia Khong Senior Marketing

HOW TO MAKE AN IMPACT IN THE FIRST 180 DAYS Presented by Davinia Khong Senior Marketing

JULY 15, 2020 HOW TO MAKE AN IMPACT IN THE FIRST 180 DAYS Presented by Davinia Khong Senior Marketing Leader, APAC - Backbase A) I'm about to start a new role as a B2B marketer. B) I'm currently in B2B marketing and aspiring towards a

127 views • 9 slides

More recommend