Monday, September 26, 2005

Some way cool visualization stuff

F-Secure has a way cool visualization presentation on the Bagle worm...check it out. Scroll down to the Fri, 23 Sept entry entitled "A different look at Bagle". Very cool.

I know that there are visualization tools available for social network analysis. Raytheon's SilentRunner (who owns it now??) uses n-gram analysis to build context and create a basis for its mapping, and is very interesting. I wonder if the above malware visualization will eventually include details of the actual functions themselves...

2 comments:

Richard Bejtlich said...

Hey Harlan,

Silent Runner is now Computer Associates Network Forensics.

Kyle said...

As Richard points out, it's owned by CA now and part of their eTrust suite. N-gram analysis, at least in the version I was using two years ago, was sort of a separate tool in the SR toolbox but wasn't used for mapping nodes in the network visualization pieces.

There are a lot of tools to do this type of analysis, though, including Text::Ngram (a Perl module).

I've been thinking for a couple of years about trying to re-create some of the general tools from SR as a Free software project, but haven't ever really taken off with it beyond some preliminary design work.