Security Data Visualization

Graphical Techniques for Network Analysis
Greg Conti
September 2007, 272 pp.

Information overload. If you're responsible for maintaining your network's security, you're living with it every day. Logs, alerts, packet captures, and even binary files take time and effort to analyze using text-based tools—and once your analysis is complete, the picture isn't always clear, or timely. And time is of the essence.

Information visualization is a branch of computer science concerned with modeling complex data using interactive images. When applied to network data, these interactive graphics allow administrators to quickly analyze, understand, and respond to emerging threats and vulnerabilities.

Security Data Visualization is a well-researched and richly illustrated introduction to the field. Greg Conti, creator of the network and security visualization tool RUMINT, shows you how to graph and display network data using a variety of tools so that you can understand complex datasets at a glance. And once you've seen what a network attack looks like, you'll have a better understanding of its low-level behavior—like how vulnerabilities are exploited and how worms and viruses propagate.

You'll learn how to use visualization techniques to:

  • Audit your network for vulnerabilities using free visualization tools, such as AfterGlow and RUMINT
  • See the underlying structure of a text file and explore the faulty security behavior of a Microsoft Word document
  • Gain insight into large amounts of low-level packet data
  • Identify and dissect port scans, Nessus vulnerability assessments, and Metasploit attacks
  • View the global spread of the Sony rootkit, analyze antivirus effectiveness, and monitor widespread network attacks
  • View and analyze firewall and intrusion detection system (IDS) logs

Security visualization systems display data in ways that are illuminating to both professionals and amateurs. Once you've finished reading this book, you'll understand how visualization can make your response to security threats faster and more effective.

Author Bio 

Gregory Conti, an Assistant Professor of Computer Science at the U.S. Military Academy in West Point, N.Y., has been featured in IEEE Security and Privacy magazine, the Communications of the ACM, and IEEE Computer Graphics and Applications magazine. He has spoken at a wide range of academic and hacker conferences, including Black Hat, DEFCON and the Workshop on Visualization for Computer Security (VizSEC). Conti runs the open source security visualization project, RUMINT,

Table of contents 

Chapter 1: An Overview of Information Visualization
Chapter 2: The Beauty of Binary File Visualization
Chapter 3: Port Scan Visualization
Chapter 4: Vulnerability Assessment and Exploitation
Chapter 5: One Night on My ISP
Chapter 6: A Survey of Security Visualization
Chapter 7: Firewall Log Visualization
Chapter 8: Intrusion Detection Log Visualization
Chapter 9: Attacking and Defending Visualization Systems
Chapter 10: Creating a Security Visualization System
Chapter 11: Unexplored Territory
Chapter 12: Teaching Yourself



"Security Data Visualization is among the most interesting, well-written, information packed and beautifully laid out books I've had the pleasure of reading this year. Graphical techniques for network analysis have never been so fascinating."
Help Net Security

"Security Data Visualization (SDV) is a great book. It's perfect for readers familiar with security who are looking to add new weapons to their defensive arsenals. Even offensive players will find something to like in SDV."
Richard Bejtlich, Tao Security

"Overall, a great book and highly recommended to anyone interested in getting started with security visualization. Rating: 5 Stars."
Chris Gates, The Ethical Hacker Network

Security Data Visualization "is most interesting to people who care about network data (even if they don't care about security), but if you're into data visualization, there's a lot there even if networks and security aren't your area."
;login: The USENIX Magazine