Real Time and Forensic Network Data Analysis Using Animated Combined Visualizations Sven Krasser Gregory Conti Julian Grizzard Jeff Gribschaw Henry Owen.

Real Time and Forensic Network Data Analysis Using Animated Combined Visualizations Sven Krasser Gregory Conti Julian Grizzard Jeff Gribschaw Henry Owen Georgia Institute of Technology

Overview of Visualization

Motivation
High level analysis - low level discovery
Complement Ethereal by providing big picture context
TIVO for Network Traffic
Dealing with customers
Network behavior / Intruder behavior
Support Honeynet log analysis
Not real-time intrusion detection (yet)

System Design
Real time packet capture and forensic playback
Navigate forwards and backwards in dataset
3D and 2D views
Open GL and commodity hardware (P4 2.5GB)
Parallel coordinate plot adjacent to two animated displays
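As an added illustration (not code from the paper or its tool), here is a Python sketch of the design on this slide: packets mapped onto normalised parallel-coordinate axes, a playback window for moving forwards and backwards through a capture, and a check for the fan-out pattern that the later port-sweep slides show as a distinct visual signature. The field set, the sample packets and the threshold are assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address

# Constructed sample capture: (time_s, src_ip, src_port, dst_ip, dst_port, length).
# Assumed field set; the slides do not list the exact fields the tool plots.
PACKETS = [
    (0.00, "10.0.0.5", 40001, "192.0.2.10", 22, 60),
    (0.01, "10.0.0.5", 40002, "192.0.2.10", 23, 60),
    (0.02, "10.0.0.5", 40003, "192.0.2.10", 80, 60),
    (0.03, "10.0.0.5", 40004, "192.0.2.10", 443, 60),
    (0.04, "10.0.0.5", 40005, "192.0.2.10", 8080, 60),
    (0.50, "198.51.100.7", 51000, "192.0.2.11", 80, 1200),
    (1.20, "198.51.100.7", 51001, "192.0.2.11", 80, 1300),
]

AXES = ("src_ip", "src_port", "dst_ip", "dst_port", "length")

def to_axes(pkt):
    """Map one packet onto the parallel-coordinate axes, each normalised to 0..1."""
    _, sip, sport, dip, dport, length = pkt
    return {
        "src_ip": int(ip_address(sip)) / 2**32,
        "src_port": sport / 65535,
        "dst_ip": int(ip_address(dip)) / 2**32,
        "dst_port": dport / 65535,
        "length": min(length, 1500) / 1500,   # clamp at the Ethernet MTU
    }

def playback_window(packets, t_start, t_end):
    """Forensic playback: the packets whose timestamps fall in [t_start, t_end)."""
    return [p for p in packets if t_start <= p[0] < t_end]

def polylines(packets):
    """One polyline per packet: (axis_index, y) vertices ready for drawing."""
    return [[(i, to_axes(p)[ax]) for i, ax in enumerate(AXES)] for p in packets]

def port_sweep_sources(packets, min_ports=5):
    """Port-sweep signature: one source fanning out to many distinct destination ports."""
    seen = defaultdict(set)
    for _, sip, _, dip, dport, _ in packets:
        seen[sip].add((dip, dport))
    return sorted(s for s, hits in seen.items()
                  if len({port for _, port in hits}) >= min_ports)
```

Stepping the window forwards over the sample capture, the sweep is visible only in the first 100 ms; the later window holds a single-port flow and is not flagged.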

Overview and Detail

Routine Honeynet Traffic (baseline)

Slammer Worm

Constant Bitrate UDP Traffic

Port Sweep

Attempted HTTP Attack…

Attempted HTTP Attack… (zoom)

Compromised Honeypot

Attacker Transfers Three Files…

campus network

Inbound Campus Traffic (5 seconds)

Campus Network Traffic (10 msec capture) inbound outbound

botnet visualization

Combined botnet/honeynet traffic

System Performance

Conclusions
Combining of visualization techniques
Open GL and commodity hardware
Significant analyst performance gains
Interaction techniques
Distinct visual signatures
  – Smart Books
Tipping point on high volume networks
  – Honeynet / CTF analysis possible now
  – Prefiltering required for general purpose use

Future Work
Semantic zoom
  – packets -> flows -> application/protocol specific
Work through slices of network traffic
  – allow user to focus on what is interesting
Maximize customization and interaction
  – Filtering and encoding
  – All fields
Multiple data streams
Knowledge discovery
Help highlight what is interesting
Easily drop in different windows on network traffic
  – look at traffic from different perspectives
Evaluation

Demo of tools

Acknowledgements
Charles Robert Simpson for providing packet capture source code
David Dagon for providing the botnet data

Questions?
Sven Krasser, Gregory Conti, Julian Grizzard, Jeff Gribschaw, Henry Owen
Paper