Know Your Tools: Use Picviz to Find Attacks

Thursday, November 26. 2009
A new series of papers is available from the Honeynet Project: "Know Your Tools" deals with specific types of honeypots and explains how to use them. The first paper in this series deals with Picviz, a tool to visualize data based on parallel coordinates plots.
Picviz is a parallel coordinates plotter which enables easy scripting from various inputs (tcpdump, syslog, iptables logs, Apache logs, etc.) to visualize data and quickly discover interesting aspects of it. Picviz uncovers previously hidden data that is difficult to identify with traditional analysis methods.

The paper is available at http://www.honeynet.org/node/499.

Abstract:
This document explains how Picviz can be used to spot attacks. We will use three examples in this paper: analysis of ssh connection logs, demonstration of the graphical interface on network data generated by a port scanner, and the use of the Picviz command line to discover attacks towards an Apache web server. Picviz can handle large amounts of data, as illustrated by the last example in which two years of raw Apache access logs are analyzed. We will show how we can find attacks that previously have been hidden and discover them in a very short time!
We hope Picviz will make you more efficient in analyzing any kind of log files, including network traffic, and able to spot abnormalities even with large datasets.
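As an added illustration of the approach the paper describes (this code is not from the paper or the Picviz project), the script below maps a few constructed Apache access-log lines onto parallel-coordinate axes the way a Picviz plot does: each field becomes one axis scaled to [0, 1], each request becomes one polyline, and the requests that top an axis (longest path, highest status code) are the ones an analyst would trace first.

```python
import re
from datetime import datetime

# Constructed sample lines in Apache combined format (not from the paper).
# The third request is the kind of probe that stands out on a parallel plot.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Nov/2009:08:12:01 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Nov/2009:08:12:03 +0000] "GET /about.html HTTP/1.1" 200 3410 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Nov/2009:03:41:17 +0000] "GET /../../../../etc/passwd HTTP/1.0" 404 221 "-" "libwww-perl/5.8"
203.0.113.9 - - [10/Nov/2009:09:05:44 +0000] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) (\d+|-)')

# One axis per field, in the left-to-right order they would be drawn.
AXES = ["hour", "client", "method", "path_len", "status", "bytes"]

def parse_line(line):
    """Extract the fields that typically become axes; None for unparsable lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, ts, method, path, status, size = m.groups()
    hour = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z").hour
    return {"hour": hour, "client": ip, "method": method,
            "path_len": len(path), "status": int(status),
            "bytes": 0 if size == "-" else int(size)}

def to_parallel_coords(log_text):
    """Return (events, polylines): one y value per axis per event, scaled to [0, 1].
    Numeric axes are min-max scaled; categorical axes (client, method) get
    evenly spaced positions in first-seen order, as a plotter would assign them."""
    events = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    if not events:
        return [], []
    scale = {}
    for axis in AXES:
        values = [e[axis] for e in events]
        if isinstance(values[0], str):
            cats = list(dict.fromkeys(values))
            step = 1.0 / max(len(cats) - 1, 1)
            scale[axis] = lambda v, c=cats, s=step: c.index(v) * s
        else:
            lo, hi = min(values), max(values)
            scale[axis] = lambda v, lo=lo, span=(hi - lo) or 1: (v - lo) / span
    polylines = [[scale[a](e[a]) for a in AXES] for e in events]
    return events, polylines

def axis_extremes(polylines):
    """Index of the event at the top of each axis (first one wins on ties)."""
    return {axis: max(range(len(polylines)), key=lambda i: polylines[i][k])
            for k, axis in enumerate(AXES)}
```

With real data the polylines would be handed to a plotting library; the same scaling is what lets a single unusual request remain visible among thousands of ordinary ones.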

Call for Papers: EuroSec 2010

Wednesday, November 25. 2009
admin
The next edition of the European Workshop on System Security (EuroSec 2010) will take place on the 13th of April, 2010, in Paris, France. Please find below the call for papers.

About EuroSec:
EuroSec is a new workshop associated with the Annual ACM SIGOPS EuroSys conference. The workshop aims to bring together researchers, practitioners, system administrators, system programmers, and others interested in the latest advances in the security of computer systems and networks. The focus of the workshop is on novel, practical, systems-oriented work.

Important dates:
  • Paper submission: February 7, 2010 (Hard deadline, no extensions), 5pm, PST
  • Acceptance notification: March 1, 2010
  • Final paper due: March 12, 2010
  • Workshop: April 13, 2010
