Monday, August 2, 2010

Using DAVIX For Security Visualization (revised)

Information visualization
-Visualize large collections of abstract data

Scientific visualization
-Representation of data with geometric structure

Visualization Concept
-Analyzing floods of data in tabular or textual form is tedious
-Humans must sequentially scan such data
-Visualization exploits the human's visual perceptive capabilities and parallel processing Size, Shape, Distance, and Color
-Easy to spot patterns and irregularities

Data types supported
Has a sequence e.g. day of week
Has no sequence e.g. types of fishes
Can be measured e.g. length, time, weight, temperature, speed

Visualization Effectiveness
-Each data type has its most effective way of visualization

Information Visualization Process

DAVIX Linux Distribution (
-Provide the audience with a workable and integrated tools set
-Enable them to immediately start with security visualization
-Motivate them to contribute to the security visualization community

Tools Available
-Network Tools (Argus, Snort, Wireshark)
-Logging (syslog-ng)
-Fetching Data (wget, ftp, scp)

-Shell Tools (awk, grep, sed)
-Visualization Preprocessing (AfterGlow, LGL)
-Extraction (Chaosreader)
-Data Enrichment (geoiplookup, whois, gwhois)

-Network Traffic (EtherApe, InetVis, tnv)
-Generic (AfterGlow, Cytoscape, Graphviz, LGL Viewer, Mondrian, R Project, Treemap)

Interface Transport
-Each visualization tool has its own file format interfaces
-Data must be converted to match the import interfaces
-These adapters are mostly self-written snippets of code

Important Note:
All the images presented in this post are intellectual property of the copyright owner (