Automated Vulnerability Scanning Tool
Network Situational Awareness
Traffic Generator Analyzer
Visualization Tool
Wireless Network Security
Operating System Emulator
Dynamic Network Defenses
Emergent Behavior in Mobile Agents
Sniffer Detection
Cyber Immunization
Address Resolution Protocol Poisoning Protection
Red Team Exercises
MPLS Control Plane Security
SCADA Security Protocols - Reverse Engineering a SCADA Protocol
Digital Forensics - Concepts, methodology, and tools
IST Internet Search Tool - Added Chinese language support
JTAG Joint Test Action Group LDRD
BREW - A reverse engineering tool that produces fully readable output
Dynamic Network Map - Generates automatic, dynamic, interactive map of the network
DarkNet - Investigation and monitoring traffic in the unused network space
Cryptographic Assurance Processor - Attempts to validate instructions as it executes them
AnVEBIDAS A generic agent framework for the analysis and visualization of emergent behavior
The Virtual SCADA Environment
SCADA Linux Appliance (SLAP)
Biological Paradigms For Malicious Code
SNL Cyber Security
NP and A Program Management
Sunburst Pilot Program
Vulnerability Assessment
Assessment of Next Generation
Forensic Tool Development
Assessments/Red Teaming
UMR Project
Applying New Network Security
Dynamic Network Mapping
Wireless Router Embedded Linux
Linux Cluster, Parallel Networking
Advanced Container Security
Lyndon Pierson (LDRD)
Virtual Control System Environment (VCSE)
Cyberspace Visualization and Instrumentation
Cyber/Physical Security Navy Programs Project
Electronic System Development Integrated Public Alert and Warning System (IPAWS)
Key Technologies for Quantum Computing, LDRD
Low Bandwidth Authentication
Malicious Log Detection of Unix Workstations
SEPIA software evaluation in virtual environments
Strategic Concepts LDRD
SUNNY Malicious Code Detection
Windows Vista Exploration (WaVE)
Wireless Network Monitoring
CCD Program Support
Cryptographic Research
Global TTL
Reverse Engineering Tools
Optical Media
SCADA Open Source

Network Visualization

Goal: Provide a suite of tools that will provide a human operator with detailed real-time views of the network. Views that will make use of the visual processing capabilities of the human brain to rapidly convey huge amounts of information to the operator.

Host-Based Visualization

This view focuses on the analysis of traffic generated by individual hosts on the network. The TCP protocol is represented by the top plane and the UCP protocol is represented by the bottom plane. Hosts on the network appear as colored spheres - (color-coded according to network interface card manufacturer). Each line on the diagram represents packets that appear as blue from the sending host, and terminate as red at the receiving host. TCP and UDP packets bounce off of the port planes based on the destination port. Only hosts that have been active within the last 30 seconds will appear on the plane. A host will rise on the plane if it is using a higher bandwidth.

Host-based visualization of an NMap scan
Host-based visualization of a DDOS

Network-Based Visualization


This view focuses on protocol usage within the network. The horizontal plane is divided into sections that represent common protocols on the network. The section located furthest right is the source IP address and the next section is the IP destination address. The remaining three sections are the common protocols ICMP, TCP and UDP. The size of the packet within each protocol increases with distance from the camera. The vertical plane represents the TCP and UDP ports 0 - 65,535. As each protocol hits the vertical plane, it is refracted out to the output planes to illustrate it's composition.

Network-based visualization of an NMap scan
Network-based visualization of a DDOS

SCADA Virtual Environment


SCADA - Supervisory Control and Data Acquisition. A SCADA system is the computer system used to operate some of the nation's critical infrastructures such as electric power. To set up a real SCADA environment for testing purposes is quite costly. The picture on the right represents a Virtual SCADA Environment that allows for testing with minimal cost for equipment.

Virtual view of SCADA-Ville

Wireless Visualization

Due to the modular plug in architecture created in the visualization suite of tools, this is a continuation of the original visualization project now adapted to display wireless network data.

Wireless Association View
W-State Wireless view

Unused Network Space

The computer security organization monitors and logs all traffic on the unused network space, taking careful consideration of those people that are "low and slow" on the darknet address.

Darknet: A portion of routed, allocated IP space in which no active services or servers reside.

CCD Accomplishments: Set up a snort logging server running 24/7 that parses out SQL commands and uploads them to a database to create daily/weekly/monthly reports on activity in the unused network area.


AnVEBIDAS: A Generic Agent Framework for the Analysis and Visualization of Emergent Behavior

As information becomes crucial to new technologies, no longer are new systems typically isolated nor standalone. Components are instead connected into larger networked systems that can exhibit collective, group behaviors that are not apparent from analysis of the individual parts. These emergent behaviors can either improve the system's function or can create instabilities. CCD students developed a prototype tool for the Analysis and Visualization of the Emergent Behavior or Distributed Intelligent Autonomous Systems (AnVEBIDAS) which provides a generic agent framework and a number of visualization tools.


History, Accomplishments, and Overviews