visualization

HoneyMap - Visualizing Worldwide Attacks in Real-Time

HoneyMap Screenshot

The HoneyMap shows a real-time visualization of attacks against the Honeynet Project's sensors deployed around the world. It leverages the internal data sharing protocol hpfeeds as its data source. Read this post to learn about the technical details and frequently asked questions. Before going into explanations, take a look at the map itself: map.honeynet.org!

First release from Network Analyzer project

Hi everyone, I am announcing an initial release of the Ovizart,
Network Analyzer Project
. Ovizart (OV - Open VİZual Analsis foR network Traffic ) is a web based application that will let users upload captured traffic in a PCAP format, analyze the traffic, and present the traffic in an intuitive manner. The current development branch is located on Github: https://github.com/oguzy/ovizart.

Congratulations to the winners of Forensic Challenge FC10- Attack Visualization !

While the quantity of submissions for FC10 was lower than usual - we had expected this because of the amount of work required to submit plus being over the Christmas break - the quality of the solutions was really inspiring.

Of course the hardest part was deciding the winners, and as expected the traditional scoring method was not ideal for this type of challenge because the challenge was about creating and developing ideas, rather than just answering a number of dry questions. Quite a few people people used the challenge not so much to win a prize, but to have fun, develop an idea they've had, practice on some real datasets, learn, and teach. This was exactly the spirit we'd hoped for, so thanks to everyone for putting in a big effort.

The Winners and their solutions:
Fabian Fischer - solution

Chris Horsley - solution

Fraser Scott - solution

Dan Gleebits - solution

Johnathan Tracz - solution

The standout theme in the submissions for me was the use of interactive and flexible tools to analyse the data. As we move further into the big data world, its going to be imperative to get inside the data interactively to understand it. Some of the solutions focused on developing brand new applications/frameworks to interactively data sets - Check out the submissions from Fabian and Chris as really good examples of this. While Fraser put forward the idea of rendering images in 3D - which is not that far-out an idea actually, why not?!.

We hope that this challenge was enjoyable for those who participated, and for those downloading the submissions for inspiration. These challenges have a long legacy, we see people downloading, attempting and referencing these challenges and the solutions for education purposes years afterwards, so they are an important program at the Honeynet Project.

It would be great to see solutions to future forensic challenges use visualization, not only to analyse and detect trends, but also to describe the problem space to the layperson. With that said - the next Forensic challenge, FC11 should be released shortly - so stay tuned.

And lastly, if anyone wants to develop their ideas further, a good way (i.e. get paid if you are accepted!) is to get involved in our upcoming Google Summer of Code program GSOC12

Italian Chapter updates

Folks,

I would like to inform you all about our recent activities that we are attempting to achieve.

First of all, we have totally rebuilt our web site. This new ones aim to be a central repository of all the (external/internal) news concerning botnets (mainly) and malwares (secondary).
We will use the blog for posting about our project developments, and for commenting/reporting interesting news concerning the field that we are currently treating, so you can now add a new entry to your feeds reader :)

A view on Conficker's inside

Many people have asked us, how Conficker looks like. That's a tough question for something that's hidden and tries to be as stealthy as possible. The last time somebody asked me: "Can you show me Conficker?", I decided to visualize Conficker. Here is a little video that shows the evil core of Conficker.C.
 

Picviz 0.5 out

The new release 0.5 of Picviz is out. This version comes with real-time mode enabled (and adds the libevent dependency) among other things, such as new properties and variables.

Get it from the usual place.

What is Picviz?

When considering log files for security, usual applications available today
either look for patterns using signature databases or use a behavioral
approach. In both cases, information can be missed. The problem becomes
bigger with systems receiving a massive amount of logs.

Syndicate content