Visualization in Network Security
One of the best resources for innovations in the field of visualization for network security is the Annual VizSec Workshop. This year the VizSec Workshop will be held in Atlantic City, NJ along with the Visualization conference and the InfoVis conference.
Before I discuss some innovative visualizations for network security, let me point out that there are two excellent books written by experts in visualization for network security. Here they are:
Security Data Visualization: Graphical Techniques for Network Analysis by Greg Conti
Security Data Visualization is a well-researched and richly illustrated introduction to the field. Greg Conti, creator of the network and security visualization tool RUMINT, shows you how to graph and display network data using a variety of tools so that you can understand complex datasets at a glance. And once you’ve seen what a network attack looks like, you’ll have a better understanding of its low-level behavior–like how vulnerabilities are exploited and how worms and viruses propagate.
Applied Security Visualization by Raffy Marty (who has a security visualization blog at http://secviz.org).
In Applied Security Visualization, leading network security visualization expert Raffael Marty introduces all the concepts, techniques, and tools you need to use visualization on your network. You’ll learn how to identify and utilize the right data sources, then transform your data into visuals that reveal what you really need to know. Next, Marty shows how to use visualization to perform broad network security analyses, assess specific threats, and even improve business compliance.
Here are some other excellent sources of innovations in the network security visualization field:
- Detecting Flaws and Intruders with Visual Data Analysis by Soon Tee Teoh, Kwan-Liu Ma, Soon Felix Wu and T.J. Jankun-Kelly.

- Large-Scale Network Monitoring for Visual Analysis of Attacks by Fabian Fischer, Florian Mansmann, Daniel A. Keim, Stephan Pietzko, and Marcel Waldvogel.

- Goodall, John R. “Defending the Network: Visualizing Network Packets for Intrusion Detection Analysis.” Ph.D. Dissertation, University of Maryland, Baltimore County (UMBC), 2006.
- Visualizing network security events using compound glyphs from a service-oriented perspective (Master’s Thesis) by Jason Pearlman

- PortVis: A Tool for Port Based Detection of Security Events by Jonathan McPherson, Kwan-Liu Ma, Paul Krystosk, Tony Bartoletti, Marvin Christensen

- A Visualization Methodology for Characterization of Network Scans by Chris Muelder, Kwan-Liu Ma, and Tony Bartoletti.

- Goodall, John R., Wayne G. Lutters, Penny Rheingans, and Anita Komlodi. “Focusing on Context in Network Traffic Analysis.” IEEE Computer Graphics and Applications 26(2), IEEE Press, 2006, 72-80.

- Case Study: Interactive Visualization for Internet Security by Soon Tee Teoh, Kwan-Liu Ma, Wu S.F. and Xiaoliang Zhao

- GARNET: A Graphical Attack Graph and Reachability Network Evaluation Tool by Leevar Williams, Richard Lippmann and Kyle Ingols.

- A Visual Exploration Process for the Analysis of Internet Routing Data by Soon Tee Teoh, Kwan-Liu Ma and Wu, S.F.

- BGPeep: An IP-Space Centered View for Internet Routing Data by James Shearer, Kwan-Liu Ma and Toby Kohlenberg

- Using Time Series 3D AlertGraph and False Alert Classification to Analyse Snort Alerts by Shahrulniza Musa and David J. Parish.

- NetFlow Data Visualization Based on Graphs by Pavel Minarik and Tomas Dymace

- Combining Visual and Automated Data Mining for Near Real Time Anomaly Detection and Analysis in BGP by Soon Tee Teoh, Ke Zhang, Shih Ming Tseng, Kwan-Liu Ma, and Felix Wu.

These are some of the resources that I found extremely interesting and useful. Most of the papers are from the VizSec Workshop and I would strongly encourage you to try to attend the workshop this year on October 11th in Atlantic City, NJ.
As a network security expert, if you have any other resources/software/tools that you think are integral to your day to day activities, please let us know.



Randall Hand on 
One of the resources associated with secviz is the Data Analysis and Visualization Linux (DAVIX). It’s a live CD that has a number of visualization tools readily installed. The CD is a great way to start your journey in the security visualization space.