Security Visualization: Meaning From Chaos
One thing I love about information security is its beautiful complexity, a complexity that calls upon multiple disciplines and requires both technical skills and creativity to solve real-world problems. Regardless of whether the goal is compliance, intrusion detection, vulnerability analysis, log management, or forensics, the meat of IT security is and always will be about the data. Data collection is the science, abstracting and visualizing this data into usable information and actionable intelligence is the art.
One great example is the security visualization work being done by security researcher Aldo Cortesi who has built several impressive visualizations to analyze large complex data sets and display them in way that allows us to see patterns that we would not have seen. In one study he created “entropy visualizations” whereby he took samples of malware and created images from them using colors to show the levels of entropy in the files. Entropy is an indicator encryption, compression and/or obfuscation by the malware author showing the level of effort the author went to make the malware difficult to detect or reverse. Those files we see that visually have higher degrees of entropy we could judge are then more sophisticated.
(Images used by permission from Aldo Cortesi)
Color in this case is used to show the level of entropy ranging from blue to hot pink which is maximum entropy. Mousing over and clicking a square shows additional information via character class visualizations using the Hilbert curve showing additional information regarding the structure of the file. What is interesting about Cortesi’s work is that it abstracts a large chunk of raw complex data and transforms it into a substantial meaning using a minimal amount of pixels.