Roland Piquepaille's Technology Trends
How new technologies are modifying our way of life


Thursday, March 11, 2004
 

David Ford, a researcher at the Naval Postgraduate School in Monterey, California, is using ideas coming from the field of thermodynamics to visualize computer networks and detect security breaches, says Government Computer News (GCN) in "Navy researcher has novel security visualization technique." Thermodynamics equations have long been used to describe complex environments, so Ford applied them to computer networks. The result is the Therminator software, which helps Navy system administrators to detect and react to network attacks.

Below are screenshots of the Therminator software. Both images and legends are extracted from this article from CHIPS, a magazine of the Navy, "Therminator... A transformational enabler for FORCEnet."

[Image: A snapshot of the Therminator display] Here is a generic snapshot of the primary Therminator display. The top portion of the graph is a display of average bucket sizes associated with conversation groups. The lower portion of the graph illustrates the "thermal canyon" -- the relationship of various network states -- over time (indicated from left to right). (Credit: DISA).

[Image: A snapshot of the Code Red attack in progress] And this is a snapshot of the Code Red attack in progress. The display highlighted by the red circles is associated with the Code Red worm entering the NPS campus. The area highlighted by the yellow circles is associated with the firewall administrator shutting down the firewall in response to notification of the arrival of the worm. Compare the display associated with the intrusion of the Code Red worm with that of the actions taken by the firewall administrator shortly thereafter. (Credit: DISA).

Let's go back to the GCN article.

"We need to do a better job of using basic engineering to understand computer attacks, to push things to a more mature scientific foundation," said David Ford, a senior research coordinator for the Defense Information Systems Agency (DISA).
Last month, Ford posted his findings, entitled "Application of Thermodynamics to the Reduction of Data Generated by a Non-Standard System," in Cornell University’s electronic repository for scientific papers. Ford said he hopes the ideas will be picked up by both agencies and vendors of security appliances.

If you like mathematical equations, you can read this paper here (PDF format, 18 pages, 600 KB).

In plain English, here is what he did.

"The basic idea is that a computer network is a complex system, and people know how to deal with complexity from a mathematical point of view," Ford said. A computer network, with its packets of data moving back and forth, exhibits similar behavior to the molecules in a cup of coffee or the electromagnetic charge of a magnet, Ford said.
Ford said the paper formally explains a number of concepts that he and a Defense Department team used to build prototype software that visualizes the state of a network. The software, called Therminator, characterizes the normal activity, highlighting any unusual occurrences.
"When a packet does something that is not within the intended flow, then it stands out like a sore thumb," Ford said.

It is worth noting that the Therminator software is now incorporated in a commercial solution from Lancope, based in Atlanta, Georgia. You'll find more details about this software, including screenshots, on this page.

Sources: Joab Jackson, Government Computer News, March 4, 2004; and various websites




© Copyright 2004 Roland Piquepaille.
Last update: 01/11/2004; 08:57:24.

