Navy researcher has novel security visualization technique

A researcher at the Naval Postgraduate School in Monterey, Calif., has published a paper describing a visualization technique that can simplify detection of security breaches. The technique borrows ideas from the field of thermodynamics.

'We need to do a better job of using basic engineering to understand computer attacks, to push things to a more mature scientific foundation,' said David Ford, a senior research coordinator for the Defense Information Systems Agency.

Last month, Ford posted his findings, entitled 'Application of Thermodynamics to the Reduction of Data Generated by a Non-Standard System', in Cornell University's electronic repository for scientific papers. Ford said he hopes the ideas will be picked up by both agencies and vendors of security appliances.

The paper itself describes a method of visualizing activity on a network. Part of the problem with intrusion detection systems is that they overwhelm security administrators with information.

Although some companies have released security software that visually portrays the state of a network at any given time, what makes this approach novel is that it borrows from a formal scientific field to characterize data traffic.

'There are a lot of ways to look at traffic, to cluster things. We're trying to apply established science to the data sets,' Ford said.

Thermodynamics has a long history of making mathematical sense of complex environments.

'The basic idea is that a computer network is a complex system, and people know how to deal with complexity from a mathematical point of view,' Ford said. A computer network, with its packets of data moving back and forth, exhibits similar behavior to the molecules in a cup of coffee or the electromagnetic charge of a magnet, Ford said.

Ford said the paper formally explains a number of concepts that he and a Defense Department team used to build prototype software that visualizes the state of a network. The software, called Therminator, characterizes the normal activity, highlighting any unusual occurrences.

'When a packet does something that is not within the intended flow, then it stands out like a sore thumb,' Ford said.

Security appliance vendor Lancope Inc. of Atlanta offers a commercial version of Therminator as an add-on to its StealthWatch intrusion detection system.

About the Author

Joab Jackson is the senior technology editor for Government Computer News.

