Compressed Context Based Analytic Results for Use in Computer Vision System for Network Defense

Presented at ShmooCon XII (2016), Jan. 17, 2016, 10 a.m. (60 minutes).

John & Rob have been developing interesting ideas on how to present large analytic results to analysts who must make decisions in defending their networks. This idea is an evolution of a talk presented at THOTCON & CarolinaCon last year and of development John & Rob have done over the past 4 years on streaming network analytics. We have developed a concept to present network data and analytic output through mathematically driven visualizations. In this example, we show 1024 analytics in a 16 by 16 pixel BMP: 4 analytic results are stored in 1 pixel, and each pixel has a context and tells a story. The pixels are placed in the BMP along a Hilbert Space Filling Curve, and this story-context lends itself to representing a computer network architecture very well, as each octet of the network address space can be plotted in a 16 by 16 grid, and the grid can be updated in real time to show time (like the Grateful Dead). The analytic results are used to create a single BMP every 5 seconds. We then apply a computer vision algorithm to send alerts to the analyst when the change in the results meets their criteria for alert generation. This conveys the context-based story of the changes to the network over time to the analyst, helping them better defend their network.
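As an added, constructed example (not the presenters' code), the following Python sketches the pipeline the abstract describes: four 8-bit analytic results are packed into one 32-bit pixel, the 256 pixels are placed on a 16 by 16 grid by walking a Hilbert curve indexed by an address octet, the grid is serialised as a real 32 bpp BMP, and two consecutive frames are compared per channel against a threshold to produce alerts. The per-channel difference threshold stands in for the talk's computer vision step; the octet values, analytic results and threshold in `demo()` are constructed, not data from the talk.

```python
"""Pack 1024 analytic results into a 16x16 BGRA bitmap laid out along a Hilbert curve,
then flag frame-to-frame changes.  Added example, not the presenters' code."""
import struct

GRID = 16        # 16 x 16 grid: one cell per value of an address octet (0..255)
CHANNELS = 4     # four 8-bit analytic results per pixel, stored as B, G, R, A


def hilbert_d2xy(n, d):
    """Map distance d along a Hilbert curve to (x, y) on an n x n grid (n a power of two).
    Standard iterative algorithm; consecutive octets always land in adjacent cells."""
    x = y = 0
    s = 1
    t = d
    while s < n:
        rx = 1 & (t // 2)
        ry = 1 & (t ^ rx)
        if ry == 0:                      # rotate/flip the current quadrant
            if rx == 1:
                x = s - 1 - x
                y = s - 1 - y
            x, y = y, x
        x += s * rx
        y += s * ry
        t //= 4
        s *= 2
    return x, y


def pack_pixel(r0, r1, r2, r3):
    """Pack four analytic results (each already quantised to 0..255) into one 32-bit pixel."""
    for v in (r0, r1, r2, r3):
        if not 0 <= v <= 255:
            raise ValueError("analytic result out of 8-bit range: %r" % (v,))
    return bytes((r0, r1, r2, r3))


def build_frame(results):
    """results: dict mapping octet (0..255) -> 4-tuple of 8-bit analytic values.
    Returns a GRID x GRID list of pixels with each octet placed along the Hilbert curve.
    Octets absent from results render as an all-zero pixel."""
    frame = [[bytes(CHANNELS) for _ in range(GRID)] for _ in range(GRID)]
    for octet in range(GRID * GRID):
        x, y = hilbert_d2xy(GRID, octet)
        frame[y][x] = pack_pixel(*results.get(octet, (0, 0, 0, 0)))
    return frame


def to_bmp(frame):
    """Serialise the frame as a 32 bpp BI_RGB Windows bitmap (bottom-up row order,
    no row padding needed at 32 bpp)."""
    h, w = len(frame), len(frame[0])
    pixels = b"".join(b"".join(row) for row in reversed(frame))
    info = struct.pack("<IiiHHIIiiII", 40, w, h, 1, 32, 0, len(pixels), 2835, 2835, 0, 0)
    header = struct.pack("<2sIHHI", b"BM", 14 + 40 + len(pixels), 0, 0, 14 + 40)
    return header + info + pixels


def diff_frames(prev, cur, threshold):
    """Simplified stand-in for the computer-vision step: per-channel absolute difference
    thresholded.  Returns (octet, channel, old, new) for every analytic whose value moved
    by more than `threshold` between the two frames."""
    alerts = []
    for octet in range(GRID * GRID):
        x, y = hilbert_d2xy(GRID, octet)
        for ch in range(CHANNELS):
            old, new = prev[y][x][ch], cur[y][x][ch]
            if abs(new - old) > threshold:
                alerts.append((octet, ch, old, new))
    return alerts


def demo():
    """Constructed sample: a flat baseline, then two octets whose analytics jump."""
    baseline = {octet: (10, 20, 30, 40) for octet in range(256)}
    nxt = dict(baseline)
    nxt[10] = (200, 20, 30, 40)    # constructed: analytic 0 for octet 10 spikes
    nxt[192] = (10, 20, 30, 90)    # constructed: analytic 3 for octet 192 drifts up
    return diff_frames(build_frame(baseline), build_frame(nxt), threshold=32)


if __name__ == "__main__":
    with open("frame.bmp", "wb") as fh:          # one 1078-byte BMP per frame
        fh.write(to_bmp(build_frame({})))
    print(demo())   # → [(10, 0, 10, 200), (192, 3, 40, 90)]
```

The Hilbert placement is what gives the picture its locality: octets that are numerically close (say, adjacent /24s under one /16) sit in neighbouring cells, so a change spreading across a subnet shows up as a connected blob rather than scattered dots, which is what makes a change-detection pass over the image meaningful.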

Presenters:

  • Rob Weiss
    Rob Weiss (@3XPlo1T2) is a senior systems engineer at G2 with over 24 years of experience in government and commercial markets. He started with Legos and is now a tool builder and problem solver. He currently performs information security research for G2, looking for hard problems to solve.
  • John Eberhardt
    John Eberhardt (@JohnSEberhardt3) is a Data Scientist at 3E Services with 20 years of quantitative problem solving and a penchant for trying to decipher symbolism in obscure 16th century literature. John has experience in analytical problem solving in healthcare, life sciences, security, financial services, consumer products, and transportation.