Network Visualization
Goal: Provide a suite of tools that give a human operator
detailed real-time views of the network: views that use the
visual processing capabilities of the human brain to rapidly
convey huge amounts of information to the operator.
Host-Based Visualization
This view focuses on the analysis of traffic generated
by individual hosts on the network. The TCP protocol is represented
by the top plane and the UDP protocol is represented by the
bottom plane. Hosts on the network appear as colored spheres
(color-coded according to network interface card manufacturer).
Each line on the diagram represents packets, which appear blue
at the sending host and terminate as red at the receiving
host. TCP and UDP packets bounce off of the port planes based
on the destination port. Only hosts that have been active within
the last 30 seconds will appear on the plane. A host will rise
on the plane if it is using a higher bandwidth.
[Figure: Host-based visualization of an Nmap scan]
[Figure: Host-based visualization of a DDoS]
Network-Based Visualization
This view focuses on protocol usage within the
network. The horizontal plane is divided into sections that
represent common protocols on the network. The section located
furthest right is the source IP address and the next section
is the IP destination address. The remaining three sections
are the common protocols ICMP, TCP and UDP. The size of the
packet within each protocol increases with distance from the
camera. The vertical plane represents the TCP and UDP ports
0 - 65,535. As each protocol hits the vertical plane, it is
refracted out to the output planes to illustrate its composition.
[Figure: Network-based visualization of an Nmap scan]
[Figure: Network-based visualization of a DDoS]
SCADA Virtual Environment
SCADA: Supervisory Control and Data Acquisition. A SCADA
system is the computer system used to operate some of the nation's
critical infrastructures such as electric power. Setting up a
real SCADA environment for testing purposes is quite costly.
The picture on the right represents a Virtual SCADA Environment
that allows for testing with minimal cost for equipment.
[Figure: Virtual view of SCADA-Ville]
Wireless Visualization
This is a continuation of the original visualization project,
now adapted to display wireless network data. The adaptation was
made possible by the modular plug-in architecture created in the
visualization suite of tools.
[Figure: Wireless Association View]
[Figure: W-State Wireless view]
Unused Network Space
The computer security organization monitors and logs all
traffic on the unused network space, paying careful attention
to those who are "low and slow" on the darknet
address.

Darknet: A portion of routed, allocated
IP space in which no active services or servers reside.

CCD Accomplishments: Set up a Snort logging server running
24/7 that parses out SQL commands and uploads them to a database
to create daily/weekly/monthly reports on activity in the
unused network area.
AnVEBIDAS: A Generic Agent Framework for the
Analysis and Visualization of Emergent Behavior
As information becomes crucial to new technologies, new systems
are typically no longer isolated or standalone. Components
are instead connected into larger networked systems that can
exhibit collective, group behaviors that are not apparent from
analysis of the individual parts. These emergent behaviors can
either improve the system's function or create instabilities.
CCD students developed a prototype tool for the Analysis and
Visualization of the Emergent Behavior of Distributed Intelligent
Autonomous Systems (AnVEBIDAS), which provides a generic agent
framework and a number of visualization tools.