Compressed Context Based Analytic Results for Use in Computer Vision System for Network Defense

John & Rob have been developing interesting ideas on how to present large analytic results to analysts who make decisions in defending their networks. This idea is an evolution of a talk presented at THOTCON & CarolinaCon last year and of the development John & Rob have done over the past 4 years on streaming network analytics.

We have developed a concept to present network data and analytic output through mathematically driven visualizations. In this example, we show 1024 analytics in a 16 by 16 pixel BMP: 4 analytic results are stored in each pixel, and each pixel has a context and tells a story. Each pixel is plotted in the BMP along a Hilbert space-filling curve. This story-context lends itself very well to representing a computer network architecture, as each octet of the network address space can be plotted in a 16 by 16 grid, and the grid can be updated in real time to show time (like the Grateful Dead). The analytic results are used to create a single BMP every 5 seconds. We then apply a computer vision algorithm that sends alerts to the analyst when the change in the results meets their criteria for alert generation. This conveys the context-based story of the changes to the network over time to the analyst, helping them better defend their network.
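The pipeline described above, as an added sketch that is not the presenters' code: each octet value is placed on a 16 by 16 Hilbert curve, 4 analytic results are packed into one pixel, the grid is written out as a BMP, and two frames are compared. It assumes the 4 results are the four 8-bit channels of a 32-bit pixel, and a per-channel difference threshold stands in for the computer vision step, which the abstract does not specify; all function names are hypothetical.

```python
import struct

N = 16  # grid side: 16 * 16 = 256 cells, one per octet value

def d2xy(d, n=N):
    """Map distance d along a Hilbert curve to (x, y) in an n x n grid."""
    x = y = 0
    s, t = 1, d
    while s < n:
        rx = 1 & (t // 2)
        ry = 1 & (t ^ rx)
        if ry == 0:                      # rotate/flip the quadrant
            if rx == 1:
                x, y = s - 1 - x, s - 1 - y
            x, y = y, x
        x += s * rx
        y += s * ry
        t //= 4
        s *= 2
    return x, y

def render(analytics):
    """analytics: {octet: (a0, a1, a2, a3)}, each 0..255 (assumed encoding)."""
    frame = [[(0, 0, 0, 0)] * N for _ in range(N)]
    for octet, vals in analytics.items():
        x, y = d2xy(octet)
        frame[y][x] = tuple(max(0, min(255, int(v))) for v in vals)
    return frame

def to_bmp(frame):
    """Serialize a frame as an uncompressed 32-bit BMP (rows stored bottom-up)."""
    pixels = b"".join(bytes(px) for row in reversed(frame) for px in row)
    header = struct.pack("<2sIHHI", b"BM", 54 + len(pixels), 0, 0, 54)
    info = struct.pack("<IiiHHIIiiII", 40, N, N, 1, 32, 0, len(pixels), 2835, 2835, 0, 0)
    return header + info + pixels

def alerts(prev, cur, threshold=64):
    """Return (octet, channel, old, new) wherever a channel moved >= threshold."""
    out = []
    for octet in range(N * N):
        x, y = d2xy(octet)
        for ch, (a, b) in enumerate(zip(prev[y][x], cur[y][x])):
            if abs(b - a) >= threshold:  # stand-in for the vision-based criterion
                out.append((octet, ch, a, b))
    return out
```

Because consecutive octet values land on adjacent pixels, a change across a contiguous address range shows up as a connected region in the image instead of scattered dots.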

Presented by