MalwareZ is a visualization project that is started as a YakindanEgitim (YE) project. YE is a startup that me and some collegues mentor young people on specific projects, remotely. It is announced as a local fork of Google Summer of Code, except neither mentors nor mentees are paid.
Gürcan Gerçek was the main developer for the MalwareZ project and my role was mentoring him.
There is a vm image, that you can import the appliance and see the application at your own machine. You may download the ova file here: http://www.loopbacking.info/ovizart/
To import the image, you will need VirtulBox installed.
Hi everyone, I am announcing an initial release of the Ovizart,
Network Analyzer Project. Ovizart (OV - Open VİZual Analsis foR network Traffic ) is a web based application that will let users upload captured traffic in a PCAP format, analyze the traffic, and present the traffic in an intuitive manner. The current development branch is located on Github: https://github.com/oguzy/ovizart.
Although it is still time for the official coding period start at GSoC 2012, i started to make my commits for the Network Analyzer project . The output of the project will be a web based traffic analyzer. It is aimed to let people upload their files from web interface and see the results. Instead of the detail header information, network analyzer will be focusing on applicaiton level data for display.
While the "pencil down" date is approaching, i would like to announce the latest situation at Webviz project. From the last time till time, there have been some changes at the visualization:
* The size of the visualization increased
* A better map is located as base map
* Mesh working principle is changed from country based to IP based. The returning database results are grouped by IP.
* Legends are detailed
* For a better distributed results, an IP set that is collected for a long period is also added to the database.
The latest result is as below:
The review period is coming and i decided to write an entry to inform about the Webviz project. Till now the first output of the project is a proof of concept work (requires WebGL supported browser, tested on Firefox 5 and Firefox 4, on other browsers i don't guarantee it works fine).
The figure displays the visualized data. The elevations corresponds to the geograpical malware numbers. The more malware detected the higher peeks are represented with changing color.
Visualization is a niche area especially at the security analysis. As mentioned in a well-known sentence; "A picture is worth a thousand words". The importance and the power of the visualization in the security area stands out with the ability to define multi-dimensional data with a single shape. When addressing the creating a mesh tiled 3D view on an Earth map, i was reading about the geoweb application development. A geoweb application consists of some components.
This summer, I will be dealing with the malware analysis distribution from a visualization perspective at a timeline and geographic basis. To collect data related with malwares, I installed the Dionaea, which is a successor of Nepenthes. The documentation of the Dionaea is plain and easy to follow. I chosed Debian Squeeze to install the honeypot on it. Installing the base system from netinstall CD and following the documentation was enough till i got an error message during the compiling process of Dionaea.