Security Data Visualization: Graphical Techniques for Network Analysis (Paperback)

by Greg Conti (Author)

Editorial Reviews

Product Description
Information overload. If you're responsible for maintaining your network's security, you're living with it every day. Logs, alerts, packet captures, and even binary files take time and effort to analyze using text-based tools--and once your analysis is complete, the picture isn't always clear, or timely. And time is of the essence.

Information visualization is a branch of computer science concerned with modeling complex data using interactive images. When applied to network data, these interactive graphics allow administrators to quickly analyze, understand, and respond to emerging threats and vulnerabilities.

Security Data Visualization is a well-researched and richly illustrated introduction to the field. Greg Conti, creator of the network and security visualization tool RUMINT, shows you how to graph and display network data using a variety of tools so that you can understand complex datasets at a glance. And once you've seen what a network attack looks like, you'll have a better understanding of its low-level behavior--like how vulnerabilities are exploited and how worms and viruses propagate.

You'll learn how to use visualization techniques to:

Audit your network for vulnerabilities using free visualization tools, such as AfterGlow and RUMINT

See the underlying structure of a text file and explore the faulty security behavior of a Microsoft Word document

Gain insight into large amounts of low-level packet data

Identify and dissect port scans, Nessus vulnerability assessments, and Metasploit attacks

View the global spread of the Sony rootkit, analyze antivirus effectiveness, and monitor widespread network attacks

View and analyze firewall and intrusion detection system (IDS) logs

Security visualization systems display data in ways that are illuminating to both professionals and amateurs. Once you've finished reading this book, you'll understand how visualization can make your response to security threats faster and more effective.

About the Author
Greg Conti, an Assistant Professor of Computer Science at the U.S. Military Academy in West Point, N.Y., has been featured in IEEE Security and Privacy magazine, the Communications of the ACM, and IEEE Computer Graphics and Applications magazine. He has spoken at a wide range of academic and hacker conferences, including Black Hat, DEFCON and the Workshop on Visualization for Computer Security (VizSEC). Conti runs the open source security visualization project, RUMINT, http://www.rumint.org/.

Product Details

• Paperback: 272 pages
• Publisher: No Starch Press; illustrated edition edition (October 1, 2007)
• Language: English
• ISBN-10: 1593271433
• ISBN-13: 978-1593271435
• Product Dimensions: 9.1 x 7 x 0.9 inches
• Shipping Weight: 1.7 pounds (View shipping rates and policies)
• Average Customer Review: 4.7 out of 5 stars See all reviews (6 customer reviews)
• Amazon.com Sales Rank: #125,640 in Books (See Bestsellers in Books)

  Popular in these categories: (What's this?)

  #49 in	Books > Computers & Internet > Computer Science > Modeling & Simulation
  #74 in	Books > Computers & Internet > Certification Central > Exams > Security+
  #76 in	Books > Computers & Internet > Web Development > Security & Encryption > Encryption

Customer Reviews

Most Helpful Customer Reviews

17 of 17 people found the following review helpful:

5.0 out of 5 stars Innovative and timely security book, October 7, 2007

By	Richard Bejtlich "TaoSecurity.com" (Washington, DC) - See all my reviews (TOP 500 REVIEWER)    (REAL NAME)

Security Data Visualization (SDV) is a great book. It's perfect for readers familiar with security who are looking to add new weapons to their defensive arsenals. Even offensive players will find something to like in SDV. The book is essentially an introduction to the field, but it is well-written, organized, and clear. I recommend all security analysts read SDV.

I give five star reviews to books that meet certain criteria. First, the book should change the way I look at a problem, or properly introduce me to thinking about a problem for which I have little or no frame of reference. Although I have been a security analyst for ten years, I have little visualization experience. Author Greg Conti spent just the right amount of time explaining the field, describing key terms (preattentive processing, occlusion, brushing) and displays (star plots, small multiples, TreeMaps). I loved the author's mention of Ben Shneiderman's visualization mantra: "overview first, zoom and filter, details on demand" (p 14).

Second, a five star book should have few or no technical errors. SDV was as sound as they come, at least as far as the security and networking information goes. I can't comment on the author's synthesis of the visualization community. I also liked the case studies in Chs 3, 4, and 5. I liked reading the visualization methodology introduced in the chapter on analyzing firewall logs (Ch 7).

Third, a five star book will make the material actionable. I finished SDV thinking I could try at least some of what I read on my own network. Ch 10 talked about how to build your own visualization tool. I would have liked additional detail on using some of the tools in the book, so perhaps a future edition will expand on that point.

A fourth feature of great books is including current research and referencing outside sources. SDV cited many foundational papers and presentations on visualization in general and security visualization specifically. Chs 6 and 12 addressed these subjects in detail. Ch 11 presented readers with ideas for future projects.

Overall, it should be obvious I really enjoyed reading SDV. My only real complaint seems inherent to the field: how to analyze large data sets. The case study in Ch 5 ("One Night on My ISP") only looks at 303 packets. It is easy to dismiss it since there's hardly any data to analyze. However, I feel that the author's techniques can be creatively scaled if one maintains realistic expectations. SDV is an excellent introduction to the security visualization field and I hope to see other works from the author and others on this important topic.

6 of 6 people found the following review helpful:

5.0 out of 5 stars Excellent book, a must-have for a security library, October 1, 2007

By	Oleg Kolesnikov (Boston, MA USA) - See all my reviews (REAL NAME)

I found the "Security Data Visualization" to be well written and full of useful information. The book provides a snapshot of the state-of-the-art in security data visualization, which includes the latest academic work as well as open source and commercial tools.

I particularly liked the examples in Chapter 3 comparing visual representations of port scans from Nmap and the Unicornscan. The differences between the two port scans stood out very clearly even before reading the corresponding explanation.

I also enjoyed the hands-on examples of dissecting visual representations of Nessus and Metasploit attacks in Chapter 4. Among the other things I liked about the book were the examples of using TreeMaps to visualize alert logs from Snort and to perform detailed analysis of alerts described in Chapter 8. (Make sure you read the first chapter because it explains many of the fundamental concepts.)

Also, for those who like reading chapters out-of-order (like myself :) - to save time, I'd recommend reading the first three chapters before reading anything else. I found that it is much easier to understand the rest of the examples in the book that way.

Overall, the book provides practical insights into a very interesting emerging area of information security--security data visualization. I would recommend this book to all security professionals.

4 of 4 people found the following review helpful:

5.0 out of 5 stars If you want to get into security visualization and dont know where to start, this is the book for you, October 21, 2007

By	Chris Gates (NoVA, USA) - See all my reviews

If you want to get into security visualization this is the book for you. This book gives you everything you need to get started in the field. You may be asking yourself why you should care or want to be interested in Security Visualization. In Chapter 1 the author sums it up nicely. "Visualizations make abstract data more coherent...In many cases, visualizations seek to display large amounts of information in a compact but useful way."

Before we get into the review, I'll disclose that I know the author and he gave me a review copy. I don't think this makes it easier for the author to get a good review, in fact, I think it makes it harder because I expect a lot from the author. Its his fault I'm into computer and information security and I have taken courses that he taught, so he had high expectations to meet.

The first three chapters, An Overview of Information Visualization, The Beauty of Binary File Visualization, and Port Scan Visualization give you all the background you need to get started and introduce you to the author's visualization tool, RUMINT. It was interesting to see the difference between nmap and unicornscan and paves the way to create signatures for all types of port scanners based on their default behavior. Chapter 4, Vulnerability Assessment and Exploitation, walks us through analyzing a dataset with an attack using the Metasploit Framework, very interesting and shows us that even with metasploit's built-in IDS evasion, in the end it must create sockets and connections and those can be seen with visualization tools (with the proper tweaking and analysis). I read the sample chapter available (CH 5, One Night on My ISP) before I read the whole book, and it was certainly easier to follow after reading the previous chapters. I think it gives you a good taste of what you can do with security visualization tools and what the book can teach you but can be hard to follow without the background material in the previous chapters. Chapter 6, A Survey of Security Visualization, gives us an overview of how other security researchers are solving security problems with different types of visualization. Chapters 7 (Firewall Log Visualization) & 8 (Intrusion Detection Log Visualization) written by the guest author Raffy Marty uses his tool "AfterGlow" to examine firewall logs and Treemaps to try to organize the volumes of IDS data. Chapter 9, Attacking and Defending Visualization Systems, shows us some sample attacks that attackers could use to thwart security visualization tools. The occlusion and windshield wiper attacks were interesting as well as the idea of using graphical attacks to send images to the analyst. Chapters 10-12, Creating a Security Visualization System, Unexplored Territory & Teaching Yourself, closes out the book with discussions and thoughts on building your own security visualization tools, areas of future research and obviously ways to help teach yourself security visualization.

Some likes and dislikes. I liked that the author regularly points us to background material and extra reading for every section. Each section could pretty much be a book in itself so links to more reading and current research was helpful for the specific areas that peeked my interest. I really liked that the book was in color, I don't see the book being near as effective in black and white. I liked the guest author's take on visualization, it was nice to get a second opinion in the same book and it was extremely nice that they didn't cover the same material like a lot of books that have multiple authors seem to do. Lastly, I liked that the author had created his own tool to do some of the visualization and that its freely available on the tool's site. I was able to get up and running with RUMINT from the material in the book and the how-to on the site.

For dislikes, it would have been nice to have access to some of the scripts mentioned in the book. Hopefully the author will post those on his site. I didn't care for the font of the book, Times New Roman, small times new roman font got a little tiresome of reading after a chapter or two (minor gripe)

Overall, a great book and highly recommended to anyone interested in getting started with security visualization.