Navy researcher has novel security visualization technique

A researcher at the Naval Postgraduate School in Monterey, Calif., has published a paper describing a visualization technique that can simplify detection of security breaches. The technique borrows ideas from the field of thermodynamics.

'We need to do a better job of using basic engineering to understand computer attacks, to push things to a more mature scientific foundation,' said David Ford, a senior research coordinator for the Defense Information Systems Agency.

Last month, Ford posted his findings, entitled 'Application of Thermodynamics to the Reduction of Data Generated by a Non-Standard System', in Cornell University's electronic repository for scientific papers. Ford said he hopes the ideas will be picked up by both agencies and vendors of security appliances.

The paper itself describes a method of visualizing activity on a network. Part of the problem with intrusion detection systems is that they overwhelm security administrators with information.

Although some companies have released security software that visually portrays the state of a network at any given time, what makes this approach novel is that it borrows from a formal scientific field to characterize data traffic.

'There are a lot of ways to look at traffic, to cluster things. We're trying to apply established science to the data sets,' Ford said.

Thermodynamics has a long history of making mathematical sense of complex environments.

'The basic idea is that a computer network is a complex system, and people know how to deal with complexity from a mathematical point of view,' Ford said. A computer network, with its packets of data moving back and forth, exhibits similar behavior to the molecules in a cup of coffee or the electromagnetic charge of a magnet, Ford said.

Ford said the paper formally explains a number of concepts that he and a Defense Department team used to build prototype software that visualizes the state of a network. The software, called Therminator, characterizes the normal activity, highlighting any unusual occurrences.

'When a packet does something that is not within the intended flow, then it stands out like a sore thumb,' Ford said.

Security appliance vendor Lancope Inc. of Atlanta offers a commercial version of Therminator as an add-on to its StealthWatch intrusion detection system.

About the Author

Joab Jackson is the senior technology editor for Government Computer News.

