Wrong packets stick out like sore thumbs
- By Joab Jackson
- Mar 17, 2004
Security software that visually portrays the state of networks is not a new idea. For example, Computer Associates International Inc. sells eTrust Network Forensics, formerly called SilentRunner. And the National Center for Supercomputing Applications has developed its Security Incident Fusion Tool with funding from the Office of Naval Research.
What's unique about Therminator's visualization is that it uses science.
'There are lots of ways to look at traffic, to cluster things,' said David Ford, a research professor at the Naval Postgraduate School. 'We're trying to apply established science to the data sets.'
Ford, a developer on the Therminator team at the Monterey, Calif., school, thought of using the scientific discipline of thermodynamics to characterize network traffic. He published his ideas in a paper, 'Application of Thermodynamics to the Reduction of Data Generated by a Non-Standard System,' in Cornell University's electronic repository.
'We need to do a better job of using basic engineering to understand computer attacks, to push things to a more mature scientific foundation,' Ford said. 'The basic idea is that a computer network is a complex system, and we know how to deal with complexity from a mathematical point of view.'
Networked packets of data, moving from point to point, exhibit behavior similar to the molecules in a cup of coffee or the electromagnetic charge of a magnet, he said. By characterizing these movements through known laws, unusual activity, such as a security breach, is more readily identified.
'When a packet does something not within the intended flow, it stands out like a sore thumb,' Ford said.
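To make the analogy concrete, here is an added example (not Therminator's code, and not the method from Ford's paper): it treats the Shannon entropy of each header field in a traffic window as a state variable, builds a baseline from quiet windows, and flags a window whose entropy departs sharply from that baseline. All addresses and traffic below are constructed.

```python
import math
from collections import Counter

def shannon_entropy(values):
    """Entropy (bits) of the empirical distribution of `values`."""
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in Counter(values).values())

def window_state(packets):
    """Per-field entropy of one window of (src, dst, dport) tuples:
    the 'thermodynamic state' of that slice of traffic."""
    return {f: shannon_entropy([p[i] for p in packets])
            for i, f in enumerate(("src", "dst", "dport"))}

def baseline(windows):
    """Mean and std-dev of each field's entropy over known-quiet windows."""
    states = [window_state(w) for w in windows]
    base = {}
    for f in states[0]:
        xs = [s[f] for s in states]
        mean = sum(xs) / len(xs)
        std = math.sqrt(sum((x - mean) ** 2 for x in xs) / len(xs))
        base[f] = (mean, max(std, 0.1))  # floor so a flat baseline still scores
    return base

def anomalous_fields(packets, base, threshold=3.0):
    """Fields whose entropy sits more than `threshold` std-devs off baseline."""
    state = window_state(packets)
    return sorted(f for f, (mean, std) in base.items()
                  if abs(state[f] - mean) / std > threshold)

# Constructed sample traffic (hypothetical addresses, not real captures).
def normal_window(seed):
    """Quiet window: eight clients spread evenly over three services."""
    hosts = ["10.0.0.%d" % i for i in range(1, 9)]
    services = [("10.0.1.5", 443), ("10.0.1.6", 80), ("10.0.1.7", 53)]
    return [(hosts[(seed + k) % 8],) + services[(seed + k) % 3]
            for k in range(20 + seed % 5)]

# One client touching one server on 24 distinct ports: sources and
# destinations collapse while ports disperse, the opposite of the quiet state.
SWEEP_WINDOW = [("10.0.0.9", "10.0.1.5", 1000 + k) for k in range(24)]

BASE = baseline([normal_window(s) for s in range(10)])

if __name__ == "__main__":
    print("quiet window:", anomalous_fields(normal_window(99), BASE))  # []
    print("sweep window:", anomalous_fields(SWEEP_WINDOW, BASE))  # ['dport', 'dst', 'src']
```

The quiet window scores near the baseline on every field, while the sweep window is flagged on all three at once, which is the "sore thumb" the article describes.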
Joab Jackson is the senior technology editor for Government Computer News.