network security visualization
play

Network Security Visualization Genevieve Max & Keith Fligg - PowerPoint PPT Presentation

Oct 22, 2022 •708 likes •1.18k views

Network Security Visualization Genevieve Max & Keith Fligg April 22, 2012 Attack Scenario Gather Raw Network Data 0101010101011101010 1010010101110010101 0011010101011100010 Network 0010100010101110001 OS 0111011010001010101

  1. Network Security Visualization Genevieve Max & Keith Fligg April 22, 2012

  2. Attack Scenario Gather Raw Network Data 0101010101011101010 1010010101110010101 0011010101011100010 Network 0010100010101110001 OS 0111011010001010101 1111000101110010001 Attacker Apps 0011000111010101010 1010111010101010010 1011100101010011010 Firewall and Router 1010111000100010100 Visualization Fix Vulnerabilities

  3. Three Ws of Tool Design 1 Where in the network is the attack happening?

  4. Three Ws of Tool Design 1 Where in the network is the attack happening? 2 When is the attack happening?

  5. Three Ws of Tool Design 1 Where in the network is the attack happening? 2 When is the attack happening? 3 What type of attack is happening?

  6. Visualization Answering Three Ws

  7. Firewall Log

  8. Port Scan: Processed Log Files (psad)

  9. Port Scan: Visualization

  10. Circular Visualization

  11. Pre-Attentive Objects 1 Color

  12. Pre-Attentive Objects 1 Color 2 Position

  13. Pre-Attentive Objects 1 Color 2 Position 3 Form

  14. Pre-Attentive Objects 1 Color 2 Position 3 Form 4 Motion

  15. Pre-Attentive: Color

  16. Visualization Applying Color

  17. Pre-Attentive: Postion

  18. Visualization Applying Position

  19. Pre-Attentive: Form - Shape

  20. Visualization Applying Shape

  21. Pre-Attentive: Form - Size

  22. Visualization Applying Size

  23. Pre-Attentive: Form - Orientation

  24. Visualization using Orientation Incidents Employee.Hours Personnel Cost

  25. Pre-Attentive: Form - Enclosure

  26. Visualization using Enclosure

  27. Visualization Techniques 1 No serial parsing

  28. Visualization Techniques 1 No serial parsing 2 Minimize the Number of Types Of Objects

  29. Visualization Techniques 1 No serial parsing 2 Minimize the Number of Types Of Objects 3 Minimize Non-data Ink/Pixels

  30. No Serial Parsing 30913646251849 50018364527489 40392726584019 18127365859202

  31. No Serial Parsing 30913646251849 50018364527489 40392726584019 18127365859202 VS 30913646251849 50018364527489 40392726584019 18127365859202

  32. Visualization Applying No Serial Parsing

  33. Minimize the Number of Types Of Objects

  34. Minimize the Number of Types Of Objects VS

  35. Visualization Applying Minimum Objects Target Source Event (a) Link graph nomenclature. 21 21 213.3.104.65 213.3.104.65 111.222.195.59 111.222.195.59 217.162.11.45 80 217.162.11.45 80 (b) Destination port, source address, and destination address. (c) Destination port, destination address, and source address.

  36. Minimize Non-data Ink/Pixels # of Packets 5.75 5 4.5 4 3 2.5 2.5 2.25 Time

  37. Minimize Non-data Ink/Pixels # of Packets 5.75 5 4.5 4 3 2.5 2.5 2.25 Time VS # of Packets Time

  38. Visualization Applying Non-data Ink/Pixels

  39. Parallel Plots 65,535 255.255.255.255 65,535 255.255.255.255 42,424 192.168.2.1 130.2.5.42 777 0.0.0.0 0 0 0.0.0.0 TCP source port TCP dest port Dest IP addr Source IP addr

  40. Animated Parallel Plots TCP source port TCP destination port TCP source port TCP destination port Packet Packet Packet Packet

  41. Link graphs: nomenclature Target Source Event

  42. Link graphs: hidden information 21 213.3.104.65 21 213.3.104.65 111.222.195.59 111.222.195.59 217.162.11.45 80 217.162.11.45 80

  43. Demo Network Visualization Tool Demo

  44. References [1] Robert Ball, Glenn A. Fink, and Chris North. Home-centric visualization of network traffic for security administration. In In VizSEC/DMSEC 04: Proceedings of the 2004 ACM workshop on Visualization and, pages 5564. ACM Press, 2004. [2] Ryan Blue, Cody Dunne, Adam Fuchs, Kyle King, and Aaron Schulman. Visualizing real-time network resource usage. In Proceedings of the 5th international workshop on Visualization for Computer Security, VizSec 08, pages 119135, Berlin, Heidelberg, 2008. Springer-Verlag. [3] Bill Cheswick, Hal Burch, and Steve Branigan. Mapping and visualizing the internet. In Proceedings of the annual conference on USENIX Annual Technical Conference, ATEC 00, pages 11, Berkeley, CA, USA, 2000. USENIX Association. [4] Greg Conti. Security Data Visualization: Graphical Techniques for Network Analysis. No Starch Press, 2007. [5] Anita D. DAmico and K. Whitley. The real work of computer network defense analysts. In Goodall et al. [8], pages 1937. [6] Stefano Foresti, Jim Agutter, Yarden Livnat, Shaun Moon, and Robert Erbacher. Visual correlation of network alerts. In IEEE Computer Graphics and Applications, pages 4859. IEEE, 2006. [7] J. R. Goodall. Introduction to visualization for computer security. In John R. Goodall, Gregory Conti, and Kwan-Liu Ma, editors, VizSEC 2007, Mathematics and Visualization, pages 117. Springer Berlin Heidelberg, 2008. 10.1007/978-3-540-78243-8 1. [8] John R. Goodall, Gregory J. Conti, and Kwan-Liu Ma, editors. VizSEC 2007, Proceedings of the Workshop on Visualization for Computer Security, Sacramento, California, USA, October 29, 2007, Mathematics and Visualization. Springer, 2008. [9] Ivan Herman, Guy Melancon, and M. Scott Marshall. Graph visualization and navigation in information visualization: A survey. IEEE Transactions on Visualization and Computer Graphics, 6:2443, January 2000. [10] Noah Iliinsky Julie Steele. Beautiful Visualization. OReilly Media, Inc., 2010. [11] Noah Iliinsky Julie Steele. Designing Data Visualizations. OReilly Media, Inc., 2011. [12] A. Komlodi, P. Rheingans, Utkarsha Ayachit, J.R. Goodall, and Amit Joshi. A user-centered look at glyph-based security visualization. In Visualization for Computer Security, 2005. (VizSEC 05). IEEE Workshop on, pages 21 28, oct. 2005.

  45. References cont. [13] Kiran Lakkaraju, William Yurcik, and Adam J. Lee. Nvisionip: netflow visualizations of system state for security situational awareness. In Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security, VizSEC/DMSEC 04, pages 6572, New York, NY, USA, 2004. ACM. [14] C.P. Lee, J. Trost, N. Gibbs, Raheem Beyah, and J.A. Copeland. Visual firewall: real-time network security monitor. In Visualization for Computer Security, 2005. (VizSEC 05). IEEE Workshop on, pages 129 136, oct. 2005. [15] Yarden Livnat, Jim Agutter, Shaun Moon, Robert F. Erbacher, and Stefano Foresti. A vi- sualization paradigm for network intrusion detection. In In Proceedings of the 2005 IEEE Workshop on Information Assurance And Security, pages 9299. IEEE, 2005. [16] Raffael Marty. Applied Security Visualization. Addison-Wesley Professional, 2008. [17] Jonathan McPherson, Kwan-Liu Ma, Paul Krystosk, Tony Bartoletti, and Marvin Christensen. Portvis: a tool for port-based detection of security events. In Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security, VizSEC/DMSEC 04, pages 7381, New York, NY, USA, 2004. ACM. [18] Toby Segaran. Programming Collective Intelligence. OReilly Media, Inc., 2007. [19] Colin Ware. Information Visualization: Perception for Design. Morgan Kaufmann Publishers, 2004. [20] Christopher D. Wickens, Diane L. Sandry, and Michael Vidulich. Compatibility and resource competition between modalities of input, central processing, and output. Human Factors: The Journal of the Human Factors and Ergonomics Society, 25(2):227248, 1983.

Recommend

Ad Hoc Network Visualization Module Name: Tactical Network Visualization with VisualCyberVAN

Ad Hoc Network Visualization Module Name: Tactical Network Visualization with VisualCyberVAN

CMPSC 597G Ad Hoc Network Visualization Module Name: Tactical Network Visualization with VisualCyberVAN with VisualCyberVAN Professor Patrick McDaniel Joshua Crafts Fall 2015 The Ontology of Network Security The overall objective of the

343 views • 21 slides
Security Visualization Tim Vidas & Hanan Hibshi UPS 2011 1 Visualization Visualization can

Security Visualization Tim Vidas & Hanan Hibshi UPS 2011 1 Visualization Visualization can

Security Visualization Tim Vidas & Hanan Hibshi UPS 2011 1 Visualization Visualization can Visualization can be startling, Still impressed by Visualization can be reveal previously It can stop crowds! the visualization... Impressive!

1.05k views • 36 slides
What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

Network security Network security Foundations: what is security? cryptography Network Security Network Security authentication message integrity key distribution and certification Security in practice: Srinidhi Varadarajan

332 views • 6 slides
Network Security Network Security Srinidhi Varadarajan Network security Network security

Network Security Network Security Srinidhi Varadarajan Network security Network security

Network Security Network Security Srinidhi Varadarajan Network security Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice:

634 views • 36 slides
Integrated Visualization of Network Security Metadata from Heterogeneous Data Sources Bastian

Integrated Visualization of Network Security Metadata from Heterogeneous Data Sources Bastian

Integrated Visualization of Network Security Metadata from Heterogeneous Data Sources Bastian Hellmann Trust@HsH Research Group University of Applied Sciences and Arts in Hanover July 13th 2015 GraMSec 2015 Verona, Italy Bastian Hellmann

547 views • 15 slides
Economics of network security Harald Vranken 1 Economics of network security Note that

Economics of network security Harald Vranken 1 Economics of network security Note that

Advanced Network Security (2019-2020) Economics of network security Harald Vranken 1 Economics of network security Note that network in this lecture means Physical communication network (eg. Internet, telephony, fax, telegraph)

769 views • 49 slides
Intro, history, hacking Network Security Lecture 1 Welcome to Network Security Should be able

Intro, history, hacking Network Security Lecture 1 Welcome to Network Security Should be able

Intro, history, hacking Network Security Lecture 1 Welcome to Network Security Should be able to Skills identify design and Ability to analyze the implementation security of networked vulnerabilities in network systems protocols

564 views • 33 slides
1 Current Security Monitoring Current Network Monitoring Visualization Humans learn visually

1 Current Security Monitoring Current Network Monitoring Visualization Humans learn visually

Overview The Thin Blue Line: Security SysAdmins Current state of Internet Security Better Tools for System Administration: all metrics show bad -> worse unpatched software vulnerabilities Enhancing the Human-Computer

583 views • 6 slides
Among the blind, the squinter rules. Security visualization in the field About me Wim Remes

Among the blind, the squinter rules. Security visualization in the field About me Wim Remes

Among the blind, the squinter rules. Security visualization in the field About me Wim Remes .Ernst and Young Belgium (ITRA FSO) .Incident Response/Analysis .Security Monitoring (SIEM) .Security Management .Eurotrash podcast .InfosecMentors

768 views • 52 slides
S O C I A L NETWORK ANALYSIS CURRENT VISUALIZATION PROBLEMS Flat network structure and a Poor

S O C I A L NETWORK ANALYSIS CURRENT VISUALIZATION PROBLEMS Flat network structure and a Poor

AN EXPLORATION BASED APPROACH TO S O C I A L NETWORK ANALYSIS CURRENT VISUALIZATION PROBLEMS Flat network structure and a Poor organization leads Network presentation can lead lack of focus lead to a shallow to overwhelming network to

151 views • 11 slides
Seeing Further: Extending Seeing Further: Extending Visualization as a Basis for Visualization

Seeing Further: Extending Seeing Further: Extending Visualization as a Basis for Visualization

Seeing Further: Extending Seeing Further: Extending Visualization as a Basis for Visualization as a Basis for Usable Security Usable Security Jennifer Rode, Carolina Johansson , Paul DiGioia, Roberto Silva Filho, Jennifer Rode,

327 views • 30 slides
Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn Black J CSCI 6268/TLEN 5831, Fall 2004 Introduction UC Davis PhD in 2000 Cryptography Interested in broader security as well

492 views • 12 slides
Network Security Where we are in the Course Security crosses all layers Application

Network Security Where we are in the Course Security crosses all layers Application

Network Security Where we are in the Course Security crosses all layers Application Transport Network Link Physical CSE 461 University of Washington 2 Security Threats Security is like performance Means many things

374 views • 13 slides
Network Security Where we are in the Course Security crosses all layers Applicatjon

Network Security Where we are in the Course Security crosses all layers Applicatjon

Network Security Where we are in the Course Security crosses all layers Applicatjon Transport Network Link Physical CSE 461 University of Washington 2 Security Threats Security is like performance Means many things

1.12k views • 92 slides
Network Security Where we are in the Course Security crosses all layers Application

Network Security Where we are in the Course Security crosses all layers Application

Network Security Where we are in the Course Security crosses all layers Application Transport Network Link Physical CSE 461 University of Washington 2 Security Threats Security is like performance Means many things

932 views • 55 slides
Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University of Michigan 2013 Network Security Fundamentals Module 3 Network Protocol Attacks Roadmap Network security The basic objectives: CIA

1.68k views • 39 slides
Hands-On Network Security: Practical Tools & Methods Security Training Course Dr. Charles J.

Hands-On Network Security: Practical Tools & Methods Security Training Course Dr. Charles J.

Hands-On Network Security: Practical Tools & Methods Security Training Course Dr. Charles J. Antonelli The University of Michigan 2012 Hands-On Network Security Module 3 Network Protocol Attacks Roadmap Network security The

502 views • 39 slides
Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn Black J Lecture #2 Aug 25 th 2005 CSCI 6268/TLEN 5831, Fall 2005 Economist Survey Please read it Main points Security is a MUCH

600 views • 27 slides
TCP/IP: ICMP, UDP Network Security Lecture 5 Recap and overview Looking at security of

TCP/IP: ICMP, UDP Network Security Lecture 5 Recap and overview Looking at security of

TCP/IP: ICMP, UDP Network Security Lecture 5 Recap and overview Looking at security of TCP/IP IP, Ethernet, ARP Sniffing the network and forging packets tcpdump, wireshark Today: ICMP and UDP Eike Ritter Network Security -

881 views • 38 slides
Network Visualization Hauptseminar Information Visualization - Wintersemester 2008/2009"

Network Visualization Hauptseminar Information Visualization - Wintersemester 2008/2009"

Network Visualization Hauptseminar Information Visualization - Wintersemester 2008/2009" Andreas Lodde LFE Medieninformatik Datum LMU Department of Media Informatics | Hauptseminar WS 2008/2009 |

474 views • 15 slides
13 - Computer Security Network Security 1 Context

13 - Computer Security Network Security 1 Context

13 - Computer Security Network Security 1 Context Computers connected in a network - but also: smartphones, fridges, IoT devices, Each device has an IP address Packets are routed via

771 views • 51 slides
Re Re-thinking Ne Network Security in the Presence of Unknown Ne Network Elements Soo-Jin Moon

Re Re-thinking Ne Network Security in the Presence of Unknown Ne Network Elements Soo-Jin Moon

Re Re-thinking Ne Network Security in the Presence of Unknown Ne Network Elements Soo-Jin Moon 4 th year Ph.D. Student Carnegie Mellon University Advisor: Vyas Sekar Research Area: Network Security A Vulnerable Network! Networks: explosion

583 views • 7 slides
In this class ! Gephi (visualization and basic network metrics) ! NetLogo (modeling network

In this class ! Gephi (visualization and basic network metrics) ! NetLogo (modeling network

SNA L1B: software tools Lada Adamic In this class ! Gephi (visualization and basic network metrics) ! NetLogo (modeling network dynamics) ! iGraph (for programming assignments) Alternatives (User friendly) ! Pajek ! http://pajek.imfm.si/doku.php

623 views • 8 slides
A primer on network flow visualization Gregory Travis Advanced Network Management Lab Indiana

A primer on network flow visualization Gregory Travis Advanced Network Management Lab Indiana

A primer on network flow visualization Gregory Travis Advanced Network Management Lab Indiana University greg@iu.edu Problem: Seeing the Forest through the trees Too much information Abilene generating 5-6,000 flows/second

828 views • 35 slides

More recommend