Wrong packets stick out like sore thumbs

Security software that visually portrays the state of networks is not a new idea. For example, Computer Associates International Inc. sells eTrust Network Forensics, formerly called SilentRunner. And the National Center for Supercomputing Applications has developed its Security Incident Fusion Tool with funding from the Office of Naval Research.

What's unique about Therminator's visualization is that it uses science.

'There are lots of ways to look at traffic, to cluster things,' said David Ford, a research professor at the Naval Postgraduate School. 'We're trying to apply established science to the data sets.'

Ford, a developer on the Therminator team at the Monterey, Calif., school, thought of using the scientific discipline of thermodynamics to characterize network traffic. He published his ideas in a paper, 'Application of Thermodynamics to the Reduction of Data Generated by a Non-Standard System,' in Cornell University's electronic repository.

'We need to do a better job of using basic engineering to understand computer attacks, to push things to a more mature scientific foundation,' Ford said. 'The basic idea is that a computer network is a complex system, and we know how to deal with complexity from a mathematical point of view.'

Networked packets of data, moving from point to point, exhibit behavior similar to the molecules in a cup of coffee or the electromagnetic charge of a magnet, he said. By characterizing these movements through known laws, unusual activity'such as a security breach'is more readily identified.

'When a packet does something not within the intended flow, it stands out like a sore thumb,' Ford said.

About the Author

Joab Jackson is the senior technology editor for Government Computer News.

inside gcn

  • When cybersecurity capabilities are paid for, but untapped

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group