Compressed Context Based Analytic Results for Use in Computer Vision System for Network Defense

ShmooCon XII - 2016

Presented by: John Eberhardt, Rob Weiss
Date: Sunday January 17, 2016
Time: 10:00 - 10:50
Location: Build It!

John & Rob have been developing ideas on how to present large sets of analytic results to analysts who must make decisions in defending their networks. This talk is an evolution of one presented at THOTCON & CarolinaCon last year and of the work John & Rob have done over the past 4 years on streaming network analytics.

We have developed a concept for presenting network data and analytic output through mathematically driven visualizations. In this example we show 1024 analytic results in a 16 by 16 pixel BMP: each pixel stores 4 results, and each pixel has a context and tells a story. Pixels are placed in the BMP along a Hilbert space-filling curve, which suits a computer network architecture very well: the 256 values of one octet of the address space map onto the 16 by 16 grid, with numerically adjacent addresses landing in adjacent pixels, and the grid can be updated in real time to show change over time (like the Grateful Dead). A new BMP is generated from the analytic results every 5 seconds. We then apply a computer vision algorithm to the frames and send alerts to the analyst when the change in the results meets their criteria for alert generation. This conveys the context-based story of how the network changes over time, helping analysts better defend it.
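The following is an added example written for this page, not the speakers' code. It shows the pipeline the abstract describes on one octet's worth of hosts: four analytic results packed into one pixel, the 256 pixels laid out along an order-4 Hilbert curve in a 16 by 16 grid, the grid written out as a 32-bit BMP, and a frame-to-frame comparison that flags changed hosts. The packing (one result per B, G, R, A byte), the per-pixel difference standing in for the "computer vision algorithm", the alert threshold and the sample analytics are all assumptions made for the example; the row-major layout is included only to contrast it with the Hilbert layout.

```python
"""Added example (not the speakers' code): pack four per-host analytic results into
one pixel, lay the 256 hosts of one address octet along a Hilbert curve in a 16 x 16
grid, emit the grid as a BMP, and flag pixels that changed between two frames."""
import struct
from typing import Callable, Dict, List, Sequence, Tuple

N = 16          # grid side; 16 * 16 = 256 cells, one per value of a single octet
CHANNELS = 4    # results per pixel; ASSUMED to be one per B, G, R, A byte
Cell = Tuple[int, int, int, int]
Frame = List[List[Cell]]                          # frame[y][x]
Layout = Callable[[int, int], Tuple[int, int]]    # (n, d) -> (x, y)


def hilbert_d2xy(n: int, d: int) -> Tuple[int, int]:
    """Distance d along the Hilbert curve filling an n x n grid -> (x, y).
    Standard iterative d2xy with quadrant rotation; n must be a power of two."""
    x = y = 0
    t, s = d, 1
    while s < n:
        rx = 1 & (t // 2)
        ry = 1 & (t ^ rx)
        if ry == 0:                        # rotate the sub-square so the curve stays continuous
            if rx == 1:
                x, y = s - 1 - x, s - 1 - y
            x, y = y, x
        x += s * rx
        y += s * ry
        t //= 4
        s *= 2
    return x, y


def rowmajor_d2xy(n: int, d: int) -> Tuple[int, int]:
    """Naive layout for comparison only: fill the grid one row at a time."""
    return d % n, d // n


def build_frame(analytics: Dict[int, Sequence[int]], layout: Layout = hilbert_d2xy) -> Frame:
    """analytics maps an octet value (0..255) to CHANNELS results already scaled to 0..255.
    The octet value is the position along the curve; hosts not in the dict stay black."""
    frame: Frame = [[(0, 0, 0, 0)] * N for _ in range(N)]
    for octet, results in analytics.items():
        if not 0 <= octet < N * N:
            raise ValueError(f"octet out of range: {octet}")
        if len(results) != CHANNELS or any(not 0 <= v <= 255 for v in results):
            raise ValueError(f"need {CHANNELS} byte-sized results, got {results!r}")
        x, y = layout(N, octet)
        frame[y][x] = tuple(results)
    return frame


def frame_to_bmp(frame: Frame) -> bytes:
    """Uncompressed 32-bit BMP: 14-byte file header, 40-byte BITMAPINFOHEADER, then
    rows bottom-up at 4 bytes per pixel, so no row padding is needed."""
    pixels = b"".join(bytes(frame[y][x]) for y in range(N - 1, -1, -1) for x in range(N))
    file_header = struct.pack("<2sIHHI", b"BM", 14 + 40 + len(pixels), 0, 0, 14 + 40)
    info_header = struct.pack("<IiiHHIIiiII", 40, N, N, 1, 8 * CHANNELS, 0,
                              len(pixels), 2835, 2835, 0, 0)
    return file_header + info_header + pixels


def changed_cells(prev: Frame, cur: Frame, threshold: int,
                  layout: Layout = hilbert_d2xy) -> List[int]:
    """Stand-in for the computer-vision step (ASSUMED): a per-pixel difference between
    consecutive frames; a host is reported when any channel moved by more than threshold."""
    hits = []
    for d in range(N * N):
        x, y = layout(N, d)
        if max(abs(a - b) for a, b in zip(prev[y][x], cur[y][x])) > threshold:
            hits.append(d)
    return hits


def connected_regions(cells: Sequence[int], layout: Layout = hilbert_d2xy) -> int:
    """Count 4-connected blobs of flagged pixels: how many separate shapes the analyst sees."""
    remaining = {layout(N, d) for d in cells}
    regions = 0
    while remaining:
        stack = [remaining.pop()]
        regions += 1
        while stack:
            x, y = stack.pop()
            for nb in ((x + 1, y), (x - 1, y), (x, y + 1), (x, y - 1)):
                if nb in remaining:
                    remaining.remove(nb)
                    stack.append(nb)
    return regions


# Constructed sample: results for the 256 hosts of one /24; the last octet is the position.
BASELINE = {h: (40, 20, 10, 0) for h in range(256)}
SPIKE = dict(BASELINE)
for h in (14, 15, 16, 17):          # four consecutive hosts start behaving alike
    SPIKE[h] = (40, 200, 10, 255)

if __name__ == "__main__":
    hits = changed_cells(build_frame(BASELINE), build_frame(SPIKE), threshold=64)
    print("changed hosts:", hits)                                          # [14, 15, 16, 17]
    print("regions (Hilbert):", connected_regions(hits))                  # 1
    print("regions (row-major):", connected_regions(hits, rowmajor_d2xy))  # 2
    with open("frame.bmp", "wb") as f:
        f.write(frame_to_bmp(build_frame(SPIKE)))
```

The contrast at the end is the point of the curve: hosts .14 to .17 straddle a row boundary, so a row-major layout splits them into two blobs at opposite edges of the image, while the Hilbert layout keeps every consecutive pair of addresses in adjacent pixels and the analyst sees one contiguous shape. Scaling each analytic to a byte, and picking the threshold, is where the operator's alert criteria come in.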

Rob Weiss

Rob Weiss (@3XPlo1T2) is a senior systems engineer at G2 with over 24 years of experience in government and commercial markets. He started with Legos and is now a tool builder and problem solver. He currently performs information security research for G2, looking for hard problems to solve.

John Eberhardt

John Eberhardt (@JohnSEberhardt3) is a Data Scientist at 3E Services with 20 years of quantitative problem solving and a penchant for trying to decipher symbolism in obscure 16th century literature. John has experience in analytical problem solving in healthcare, life sciences, security, financial services, consumer products, and transportation.


KhanFu - Mobile schedules for INFOSEC conferences.