Compressed Context Based Analytic Results for Use in Computer Vision System for Network Defense

Presented at ShmooCon XII (2016), Jan. 17, 2016, 10 a.m. (60 minutes).

John & Rob have been developing interesting ideas in how to present large analytic results to analysts for making decisions in defending their networks. This idea is an evolution of a talk presented at THOTCON & CarolinaCon last year and development John & Rob have done over the past 4 years on streaming network analytics. We have developed a concept to provide the output network data and analytics through mathematically driven visualizations. In this example, we show 1024 analytics in a 16 by 16 pixel BMP. This is a capability to store 4 analytic results in 1 pixel, each pixel has a context and tells a story. Utilizing a Hilbert Space Filling Curve to plot this pixel in the BMP, this story-context lends itself to representing a computer network architecture very well, as each octet of the network address space can be plotted in a 16 by 16 grid, and the grid can be updated in real time to show time (like the Grateful Dead). The analytic results are used to create a single BMP every 5 seconds. We then apply a computer vision algorithm to send alerts to the analyst, when the change in the results meet their criteria for alert generation. This conveys the context-based story of the changes to the network over time to the analyst, helping them better defend their network.

Presenters:

• Rob Weiss
  Rob Weiss (@3XPlo1T2) is a senior systems engineer at G2 with over 24 years of experience in government and commercial markets. He started with Legos and is now a tool builder and problem solver. Currently performs information security research for G2, looking for hard problems to solve.
• John Eberhardt
  John Eberhardt (@JohnSEberhardt3) is a Data Scientist at 3E Services with 20 years of quantitative problem solving and a penchant for trying to decipher symbolism in obscure 16th century literature. John has experience in analytical problem solving in healthcare, life sciences, security, financial services, consumer products, and transportation.

Similar Presentations:

• THOTCON 0x7 (2016) / Playing with Pictures: Adult Coloring on the Internet
• THOTCON 0x6 (2015) / One Step Closer to the Matrix: Machine Learning and Augmented Reality in Networking Defense
• CarolinaCon 11 (2015) / One Step Closer to the Matrix: Machine Learning and Augmented Reality in Networking