Monday, September 26, 2005

Some way cool visualization stuff

F-Secure has a way cool visualization presentation on the Bagle worm. Check it out: scroll down to the Fri, 23 Sept entry entitled "A different look at Bagle". Very cool.

I know that there are visualization tools available for social network analysis. Raytheon's SilentRunner (who owns it now?) uses n-gram analysis to build context and create a basis for its mapping, and is very interesting. I wonder if the above malware visualization will eventually include details of the actual functions themselves...


Richard Bejtlich said...

Hey Harlan,

Silent Runner is now Computer Associates Network Forensics.

Kyle said...

As Richard points out, it's owned by CA now and part of their eTrust suite. N-gram analysis, at least in the version I was using two years ago, was sort of a separate tool in the SR toolbox but wasn't used for mapping nodes in the network visualization pieces.

There are a lot of tools to do this type of analysis, though, including Text::Ngram (a Perl module).

I've been thinking for a couple of years about trying to re-create some of the general tools from SR as a Free software project, but haven't ever really taken off with it beyond some preliminary design work.
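Since both the post and this thread touch on n-gram analysis as a way to build context for relationship mapping, here is a small worked illustration of that idea. It is an added example, not SilentRunner's, CA's, or Text::Ngram's code: it builds character trigram profiles for a few constructed messages, scores every pair by cosine similarity, and emits the edges and clusters a visualization layer would draw. Python is used so the block runs stand-alone; the profile step is the part a Perl module like Text::Ngram would cover.

```python
"""
Character n-gram "context" profiles for a handful of captured messages, and
the similarity graph built from them.  Added illustration only: the messages
below are constructed, and the approach is a generic n-gram text comparison,
not any vendor's mapping algorithm.
"""
from collections import Counter
from itertools import combinations
import math
import re

# Constructed sample traffic: (sender, text).  Not real data.
MESSAGES = [
    ("alice", "Quarterly budget review moved to Thursday, please update the deck"),
    ("bob",   "Updated the budget deck for the quarterly review on Thursday"),
    ("carol", "Firmware build 1.4.2 fails the boot loader checksum on the test rig"),
    ("dave",  "Boot loader checksum error on firmware build 1.4.2, retesting on rig"),
    ("erin",  "Lunch at noon? the usual place"),
]


def ngrams(text, n=3):
    """Return a Counter of character n-grams over the normalised text.

    Normalisation: lower-case, collapse whitespace runs, and pad with one
    space on each side so word boundaries become part of the profile.
    """
    cleaned = " " + re.sub(r"\s+", " ", text.lower()).strip() + " "
    return Counter(cleaned[i:i + n] for i in range(len(cleaned) - n + 1))


def cosine(a, b):
    """Cosine similarity between two n-gram Counters, in the range 0.0 .. 1.0."""
    dot = sum(a[g] * b[g] for g in a.keys() & b.keys())
    norm = (math.sqrt(sum(v * v for v in a.values()))
            * math.sqrt(sum(v * v for v in b.values())))
    return dot / norm if norm else 0.0


def similarity_edges(messages, n=3, threshold=0.3):
    """Compare every pair of messages and return (sender_i, sender_j, score)
    edges whose n-gram similarity meets the threshold.  These edges are the
    "context" a visualization layer would draw between nodes."""
    profiles = [(sender, ngrams(text, n)) for sender, text in messages]
    edges = []
    for (s1, p1), (s2, p2) in combinations(profiles, 2):
        score = cosine(p1, p2)
        if score >= threshold:
            edges.append((s1, s2, round(score, 3)))
    return sorted(edges, key=lambda e: -e[2])


def clusters(edges, nodes):
    """Connected components over the edge list (union-find): the groups a
    visualizer would lay out together.  Isolated nodes form their own group."""
    parent = {node: node for node in nodes}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]   # path halving
            x = parent[x]
        return x

    for a, b, _ in edges:
        parent[find(a)] = find(b)
    groups = {}
    for node in nodes:
        groups.setdefault(find(node), set()).add(node)
    return sorted(sorted(g) for g in groups.values())


if __name__ == "__main__":
    found = similarity_edges(MESSAGES)
    for a, b, score in found:
        print(f"{a:6s} -- {b:6s} {score}")
    print(clusters(found, [sender for sender, _ in MESSAGES]))
```

With the constructed sample, the two budget messages and the two firmware messages pair up while the lunch note stays isolated; the threshold and the n-gram length are the two knobs that decide how dense the drawn graph becomes, and both deserve tuning against real traffic before trusting the picture.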