Presentation is loading. Please wait.

Presentation is loading. Please wait.

Real Time and Forensic Network Data Analysis Using Animated Combined Visualizations Sven Krasser Gregory Conti Julian Grizzard Jeff Gribschaw Henry Owen.

Published byEleanor Short Modified over 9 years ago

Similar presentations

Presentation on theme: "Real Time and Forensic Network Data Analysis Using Animated Combined Visualizations Sven Krasser Gregory Conti Julian Grizzard Jeff Gribschaw Henry Owen."— Presentation transcript:

1 Real Time and Forensic Network Data Analysis Using Animated Combined Visualizations Sven Krasser Gregory Conti Julian Grizzard Jeff Gribschaw Henry Owen Georgia Institute of Technology

2 Overview of Visualization

3

4 Motivation High level analysis - low level discovery Complement Ethereal by providing big picture context TIVO for Network Traffic Dealing with customers Network behavior / Intruder behavior Support Honeynet log analysis Not real-time intrusion detection (yet)

5 System Design real time packet capture and forensic playback navigate forwards and backwards in dataset 3D and 2D views Open GL and commodity hardware (P4 2.5GB) Parallel coordinate plot adjacent to two animated displays

6 Overview and Detail

7 Routine Honeynet Traffic (baseline)

8 Slammer Worm

9 Constant Bitrate UDP Traffic

10 Port Sweep

11 Attempted HTTP Attack…

12 Attempted HTTP Attack… (zoom)

13 Compromised Honeypot

14 Attacker Transfers Three Files…

15 campus network

16 Inbound Campus Traffic (5 seconds)

17 Campus Network Traffic (10 msec capture) inbound outbound

18 botnet visualization

19 Combined botnet/honeynet traffic

20 System Performance

21

22 Conclusions Combining of visualization techniques Open GL and commodity hardware Significant analyst performance gains Interaction techniques Distinct visual signatures –Smart Books Tipping point on high volume networks –Honeynet /CTF analysis possible now –Prefiltering required for general purpose use

23 Future Work Semantic zoom –packets -> flows -> application/protocol specific Work through slices of network traffic –allow user to focus on what is interesting Maximize customization and interaction –Filtering and encoding –All fields Multiple data streams Knowledge discovery Help highlight what is interesting Easily drop in different windows on network traffic –look at traffic from different perspectives Evaluation

24 Demo of tools

25 Acknowledgements Charles Robert Simpson for providing NETI@home packet capture source code David Dagon for for providing the botnet data

26 Questions? Image: http://altura.speedera.net/ccimg.catalogcity.com/210000/211700/211780/Products/6203927.jpg Sven Krasser sven@ece.gatech.edu Gregory Conti conti@cc.gatech.edu Julian Grizzard grizzard@ece.gatech.edu Jeff Gribschaw jgribsch@ece.gatech.edu Henry Owen henry.owen@ece.gatech.edu Paper

Download ppt "Real Time and Forensic Network Data Analysis Using Animated Combined Visualizations Sven Krasser Gregory Conti Julian Grizzard Jeff Gribschaw Henry Owen."

Similar presentations

The Most Analytical and Comprehensive Defense Network in a Box.

The Most Analytical and Comprehensive Defense Network in a Box.
We’ve got what it takes to take what you got! NETWORK FORENSICS.

We’ve got what it takes to take what you got! NETWORK FORENSICS.
Near Term Tools: Using honeynet tools and techniques for post intrusion intelligence gathering Edward G. Balas Indiana University Advanced Network Management.

Near Term Tools: Using honeynet tools and techniques for post intrusion intelligence gathering Edward G. Balas Indiana University Advanced Network Management.
Use of Honey-pots to Detect Exploited Systems Across Large Enterprise Networks Ashish Gupta Network Security May 2004

Use of Honey-pots to Detect Exploited Systems Across Large Enterprise Networks Ashish Gupta Network Security May 2004
Honeypots Margaret Asami. What are honeypots ? an intrusion detection mechanism entices intruders to attack and eventually take over the system, while.

Honeypots Margaret Asami. What are honeypots ? an intrusion detection mechanism entices intruders to attack and eventually take over the system, while.
Intrusion Detection Systems and Practices

Intrusion Detection Systems and Practices
Yan Chen Northwestern Lab for Internet and Security Technology (LIST) Dept. of Electrical Engineering and Computer Science Northwestern University

Yan Chen Northwestern Lab for Internet and Security Technology (LIST) Dept. of Electrical Engineering and Computer Science Northwestern University
Snort - an network intrusion prevention and detection system Student: Yue Jiang Professor: Dr. Bojan Cukic CS665 class presentation.

Snort - an network intrusion prevention and detection system Student: Yue Jiang Professor: Dr. Bojan Cukic CS665 class presentation.
1 Host Based Intrusion Detection: Analyzing System Logs Bob Winding, Vikram Ahmed University of Notre Dame 12/13/2006.

1 Host Based Intrusion Detection: Analyzing System Logs Bob Winding, Vikram Ahmed University of Notre Dame 12/13/2006.
NAV Project Update By: Meghan Allen and Peter McLachlan.

NAV Project Update By: Meghan Allen and Peter McLachlan.
Live Re-orderable Accordion Drawing (LiveRAC) Peter McLachlan, Tamara Munzner Eleftherios Koutsofios, Stephen North AT&T Research Symposium August, 2007.

Live Re-orderable Accordion Drawing (LiveRAC) Peter McLachlan, Tamara Munzner Eleftherios Koutsofios, Stephen North AT&T Research Symposium August, 2007.
IT Security Doug Brown Jeff Bollinger. What is security? P.H.P. People Have Problems Security is the mitigation and remediation of human error in information.

IT Security Doug Brown Jeff Bollinger. What is security? P.H.P. People Have Problems Security is the mitigation and remediation of human error in information.
Use of Honey-pots to Detect Exploited Systems Across Large Enterprise Networks Ashish Gupta Network Security May 2004

Use of Honey-pots to Detect Exploited Systems Across Large Enterprise Networks Ashish Gupta Network Security May 2004
PNW Honeynet Overview. Agenda What is a Honeynet What is the PNW Honeynet Alliance Who is involved in the project Where to get more information.

PNW Honeynet Overview. Agenda What is a Honeynet What is the PNW Honeynet Alliance Who is involved in the project Where to get more information.
Mining Behavior Models Wenke Lee College of Computing Georgia Institute of Technology.

Mining Behavior Models Wenke Lee College of Computing Georgia Institute of Technology.
Lesson 19: Configuring Windows Firewall

Lesson 19: Configuring Windows Firewall
Big Data Analytics and Challenge Presented by Saurabh Rastogi Asst. Prof. in Maharaja Agrasen Institute of Technology B.Tech(IT), M.Tech(IT)

Big Data Analytics and Challenge Presented by Saurabh Rastogi Asst. Prof. in Maharaja Agrasen Institute of Technology B.Tech(IT), M.Tech(IT)
Honeywall CD-ROM. 2 Developers and Speakers  Dave Dittrich University of Washington  Rob McMillen USMC  Jeff Nathan Sygate  William Salusky AOL.

Honeywall CD-ROM. 2 Developers and Speakers  Dave Dittrich University of Washington  Rob McMillen USMC  Jeff Nathan Sygate  William Salusky AOL.
Recovering and Examining Computer Forensic Evidence Noblett, Pollit, & Presley Forensic Science Communications October 2000 (Cited by 13 according to Google.

Recovering and Examining Computer Forensic Evidence Noblett, Pollit, & Presley Forensic Science Communications October 2000 (Cited by 13 according to Google.
Lecture 11 Intrusion Detection (cont)

Lecture 11 Intrusion Detection (cont)

Similar presentations

Ads by Google