On even a moderately sized network, activity can easily reach the order of millions, perhaps billions, of packets. Hidden in this sea of data is malicious activity. Current network analysis and monitoring tools primarily use text and simple charting to present information. These methods, while effective in some circumstances, can overwhelm the analyst with too much, or the wrong type of, information. This situation is worsened by today's algorithmic intrusion detection systems, which, although generally effective, can overwhelm the analyst with unacceptably high false positive and false negative rates.
This talk explores the possibilities of visually presenting network traffic in a way that complements existing text-based analysis tools and intrusion detection systems. By graphically presenting information in the right way, we can tap into the high-bandwidth capability and visual recognition power of the human mind. Using the proper visualizations, previously masked anomalous activity can become readily apparent.
This talk will be of interest to those who wish to learn about information visualization as it applies to network security. It requires a basic understanding of the OSI model and packet encapsulation. Attendees will leave with an increased understanding of information visualization that they can apply to their own development projects and management of their networks.
Greg Conti is an Assistant Professor of Computer Science at the United States Military Academy. He holds a Masters Degree in Computer Science from Johns Hopkins University and a Bachelor of Science in Computer Science from the United States Military Academy. His areas of expertise include network security, interface design and information warfare. Greg has worked at a variety of military intelligence assignments specializing in Signals Intelligence. Currently he is on a Department of Defense Fellowship and is working on his PhD in Computer Science at Georgia Tech. He is conducting research into Denial of Information Attacks.