Security Visualization Past, Present, Future

Transcription

1 Security Visualization Past, Present, Future Greg Conti West

2 Disclaimer The views expressed in this talk are those of the author and do not reflect the official policy or position of West Point, the Department of the Army, the Department of Defense, or the United States Government.

3

4 VizSec Body of Work

5 Edge of Human Knowledge Present 10 years 50 years

6 Edge of Human Knowledge Courses Books Present 10 years 50 years

7 Edge of Human Knowledge Research Papers Courses Books Present 10 years 50 years

8 Edge of Human Knowledge Research Papers Courses Books Present 10 years 50 years

9 Edge of Human Knowledge Classified Paywall Research Papers Courses Books Proprietary Present 10 years 50 years

10 Edge of Human Knowledge Classified Paywall Research Papers Future Work Future Work Courses Books Proprietary Present 10 years 50 years

11 Edge of Human Knowledge Classified Science Fiction Paywall Research Papers Future Work Future Work Science Fiction Courses Books Proprietary Present 10 years 50 years

12 Past

13 Shneiderman s Mantra Overview first, zoom and filter, then details-on demand. Ben Shneiderman, The Eyes Have It: A Task by Data Type Taxonomy for Information Visualizations. In Proceedings of the IEEE Symposium on Visual Languages, pages , 1996.

14 General Purpose Information Visualization Tufte Spence

15 VizSEC/DMSEC (2004) visualizing vulnerabilities visualizing IDS alarms (NIDS/HIDS) visualizing worm/virus propagation visualizing routing anamolies visualizing large volume computer network logs visual correlations of security events visualizing network traffic for security visualizing attacks in near-real-time security visualization at line speeds dynamic attack tree creation (graphic) forensic visualization feature selection feature construction incremental/online learning noise in the data skewed data distribution distributed mining correlating multiple models efficient processing of large amounts of data correlating alerts signature detection anomaly detection forensic analysis

16 VizSEC (2005)

17 The Dashboard

18 Security Visualization and Enabler Books Emerge

19 Many Eyes

20 Present

21 Analytics

22 Diverse Data Flows Data aggregation Correlation Alerting Dashboards Compliance Retention Forensic analysis

23 The Dashboard

24 Training

25 Future

26 Data Monitor Size Human Perception and Cognition Time

27 The Dashboard

28 Relationship of Data, Information, and Intelligence

29 Expressing Confidence in Analytic Judgments

30 Don t Use Your Powers for #DarkPatterns

31 Advocacy

32 Social Good

33 Public Education

34 What is the Secret Ingredient? The First Law of Intrusion Detection: That Which You Can t See, You Can t Detect. - Anup Ghosh

35 Chasing the Invisible Man

36 Fight for Visibility

37 Fight for Visibility

38 Role of an Adversary

39 We used to be fighting individuals... now we are defending ourselves against nation-states

40 Three Tiers See Defense Science Board, Resilient Military Systems and the Advanced Cyber Threat, JAN 2013

41 Privacy

42 Neural Interfaces

43 On Demand Web-based Tools binvis.io

44 Big Data and The Cloud

45 IPv6

46 Moving Target Defense

47 Deception

48 Scales of Time

49 Humans in the Loop 10. The computer decides everything, acts autonomously, ignoring the human 9. informs the human only if it, the computer, decides to 8. informs the human only if asked 7. executes automatically, then necessarily informs the human 6. allows the human a restricted time to veto before automatic execution 5. executes that suggestion if the human approves 4. suggests one alternative 3. narrows the selection down to a few 2. the computer offers a complete set of decision/action alternatives 1. the computer offers no assistance: human must take all decisions and actions Levels of Automation of Decision and Action Selection from Raja Parasuraman, Thomas Sheridan, and Christopher Wickens, A Model for Types and Levels of Human Interaction with Automation, IEEE Transactions on Systems, Man and Cybernetics, Vol. 30, No. 3, May

50 Sensors

51 Virtual Reality

52 Augmented Reality Architecture of Radio

53 Mobile DanKam

54 Internet of Things

55 Predictive

56 User Defined Operating Picture

57 Operator Requirements

58 Partnering

59 Adoption and Commercial Utilization

60 Tech Transfer

61 Risk Analysis

62 Compliance

63 Smart Cities

64 Smart Cities

65 Times are Changing

66 Cyber, Cyber, Everywhere

67 Layers of Cyberspace

68 War on General Purpose Computing

69 (Human && Machine) >> (Human Machine)

70 Parting Thoughts

71 Think in Terms of Research Campaigns Long Term Inform decision makers Communicate with different audiences Research vision

72 Marketplace of Ideas

73 Engage/Support the Media

74 Challenge Assumptions

75 Think Big Cooperative Association for Internet Data Analysis (CAIDA) 2007 IPv4 Census Map (two-month ping sweep)

76 Think Small Microsoft Word 2003.doc Firefox Process Memory Windows.dll Neverwinter Nights Database

77 Irritate Software, Hardware, Protocols, and People

78 Detect Patterns

79 Detect Patterns

80 Look at the Intersection of Your Interest Areas Visualization??? Security Robots Software Defined Radio Cyber Operations Malware Deception Privacy Social Engineering Insider Threat <What are you passionate about?>

81 What Makes You Mad Flying Vodka Bottles

82 What Can Possibly Go Wrong

83 Pretty Pictures

84 Think Like a Nation-State

85 Look in Cracks, Crevices, Under Rocks, and Other Dark Places

86

87 Enjoy the Golden Age of Visualization :) Questions???