Visual Analysis: 2D Does it Better in Color
IDS Analysts today - as well as anyone else trying to parse large volumes of information - have a significant problem dealing with issues of context and correlation. Looking at thousands of lines of text just doesn't do it for them. Keeping all of the relevant details of the traffic in your head at once is just not efficient (or, in many cases, possible).
Visualizing IDS events (as a solution to this problem) is often attempted but never really seems to catch on. This talk will explain some of the things that have gone wrong with event visualizations, how to correct them, why 3D is a bad idea, and illustrate some of the key points to keep in mind when building your visual research systems. We'll also talk about the role of information shaping in this process and will attempt to teach someone without analysis experience to find "interesting stuff" on the fly (read: the talk will have a live demo, audience participation, and colorful abstract visuals).
Jack Whitsitt is a security engineer in the D.C. area whose interests and research areas include data visualization for security, abstract automated data shaping, honeypots, and neat ways to make systems do funny things. He is the primary author of the Bait and Switch Honeypot system, co-founder of violating networks, and is currently developing better ways to find needles in haystacks.