IDS mailing list archives

Re: Tools to Visualize Security Data


From: Byron Sonne <blsonne () rogers com>
Date: Sun, 11 Dec 2005 02:29:48 -0500

I am trying to collect a list of tools and methods that people are using
to visualize security data. What tools are people using? Anything? Or is
everyone still working with textual representations?

I think I ran into you at BlackHat & DefCon this year, didn't I? I had some ideas about plotting binary data in skinny graphs, y-axis being the ascii value of the byte (0-255) and x-axis being the offset inside the packet/datagram/whatever (could be any data source for that matter, multiple files, etc.). Silly and simple idea, did it in python with pychart.

Turned out to be a lot more interesting and a lot less practical than I thought ;) There's a lot to look at, the way the delimiters stick out, the different patterns between text, binary, different forms of compression and encoding, etc. I had built a little shell around it that you could use to construct packets and probe/tickle multiple targets in parallel.

However, once I saw scapy I realized someone had done most of the work already, and done it better. Just need to figure out how to do the plotting with it, if someone hasn't done it already. Also would like to add an option to plot only the deltas. Other ideas include adding a 3rd dimension to the graph (time), do it up like a waterfall plot. You're dealing with potentially massive amounts of data, capture everything to a database so you can do more in depth stuff later. Who knows.

Has anyone used afterglow (afterglow.sourceforge.net) and come up with
some neat ways of visualizing data? Maybe some really cool way of
representing a certain type of log file?

I'm not familiar with that bit of software, but I will certainly take a look into it now :) Thanks for the tip.

Cheers,
Byron
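The byte-value-vs-offset "skinny graph", the delta plot and the waterfall (one row per packet) idea from the message above, as an added example that is not Byron's pychart/scapy code. It renders to plain text so it runs with no plotting library; the two sample payloads are constructed, not captured traffic, and every function name is the example's own.

```python
"""Byte value (0-255) on the y-axis against offset on the x-axis, as text."""
from typing import Iterable, List

# Constructed sample payloads (not real captures): a text-like request and a
# binary-looking record with 0x00 padding and 0xFF delimiters.
TEXT_PKT = b"GET /index.html HTTP/1.0\r\nHost: example\r\n\r\n"
BIN_PKT = b"\xff\x00\x00\x10\x41\x42\x43\x00\xff\x7f\x80\x81\xff\x00\x00\x00"

SHADES = " .:-=+*#%@"  # ten intensity levels, low byte value -> light


def byte_series(data: bytes) -> List[int]:
    """y values for each x offset: simply the byte at that offset."""
    return list(data)


def byte_deltas(data: bytes) -> List[int]:
    """Signed change between consecutive bytes; runs of 0 are padding or
    repeated text, large jumps mark delimiters and encoding boundaries."""
    return [b - a for a, b in zip(data, data[1:])]


def skinny_plot(data: bytes, height: int = 8) -> str:
    """Tall text chart: one column per offset, a '#' in the row whose value
    bucket contains the byte. Top row is the highest values."""
    rows = [b * height // 256 for b in data]  # 0 = bottom, height-1 = top
    lines = []
    for level in range(height - 1, -1, -1):
        lo = level * 256 // height  # lowest byte value in this row's bucket
        line = "".join("#" if r == level else "." for r in rows)
        lines.append(f"{lo:3d} |{line}")
    return "\n".join(lines)


def waterfall(packets: Iterable[bytes], width: int = 32) -> List[str]:
    """Third dimension (time): one row per packet, one shade character per
    offset, darker = higher byte value. Rows are padded to a fixed width."""
    out = []
    for pkt in packets:
        row = "".join(SHADES[b * len(SHADES) // 256] for b in pkt[:width])
        out.append(row.ljust(width))
    return out


if __name__ == "__main__":
    for name, pkt in (("text", TEXT_PKT), ("binary", BIN_PKT)):
        print(f"== {name} ==\n{skinny_plot(pkt)}\ndeltas: {byte_deltas(pkt)}")
    print("\n".join(waterfall([TEXT_PKT, BIN_PKT])))
```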
