Effective visualizations for information security data are challenging. Given the streaming nature of network data and the mix of numeric and categorical types (e.g. DNS records) visualizations that are meaningful and informative are often hard to find. Even highly successful application interfaces like Kibana and Splunk will often provide a simple set of volume-over-time histograms, pie/donut charts and line plots. Although these visualizations provide some information they are limited in application and fidelity.
In this presentation we’ll explore several novel visualization approaches for information security data. Our non-traditional approaches will explore dynamic updates, mixed categorical/numeric representations, animations and other experimental facets. We intend to present our findings ‘warts’ and all. The presentation will include approaches that worked reasonably well and those that flopped (which is often just as informative).
Brian Wylie is a technical lead at Kitware Inc. His interests include networking, static analysis, and streaming architectures. Recent work includes modeling for SQL injection, hidden DNS and HTTP tunnels, streaming clustering and anomaly detection. Brian has spoken at ShmooCon, BSides Las Vegas, BSides Austin, InfoSec Southwest, BSides DFW, and O’Reilly Open Source Conferences. Brian works on a large range of security and network analysis GitHub projects: •BroThon: github.com/Kitware/BroThon •Security Workbench: github.com/SuperCowPowers/workbench •Chains (Python Networking): github.com/SuperCowPowers/chains •Data Hacking: github.com/ClickSecurity/data_hacking •DPKT: github.com/kbandla/dpkt •PyPCAP: github.com/pynetwork/pypcap