Black Hat Briefings, Las Vegas 2005 [audio] Presentations From The Security Conference

Greg Conti: Beyond Ethereal: Crafting A Tivo for Security Datastreams

Information:

Synopsis

Ethereal is a thing of beauty, but ultimately you are constrained to a tiny window of 30-40 packets, which is insufficient when dealing with network datasets that can be on the order of millions of packets. In addition, it only displays traffic from packet captures and lacks the ability to incorporate and correlate other security-related datastreams. In an attempt to break from this paradigm, we will explore conceptual, system design and implementation techniques to help you build better security analysis tools. By applying advanced information visualization and interaction techniques such as dynamic queries, interactive encoding, semantic zooming, n-gram analysis and rainfall visualization, you will gain far more insight into your data, far more quickly, than with today's best tools. We will discuss lessons learned from the implementation of a security PVR (a prototype will be released) and explore additional topics such as using visual techniques to navigate and semantically encode small and large binary obje
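The synopsis names n-gram analysis and semantic encoding of binary objects as techniques for getting a quick overview of large, opaque data. The following is an added example, not code from the talk or its prototype: it slices a byte blob into fixed windows, computes byte (1-gram) entropy and the dominant 2-gram per window, and assigns a coarse semantic label (zero padding, text, high-entropy, or other code/data) that a viewer could map onto a colour strip. The window size, the label names and the entropy/printable thresholds are assumptions chosen for illustration; the sample blob is constructed inline (a uniformly distributed 0x00..0xFF run stands in for an encrypted section).

```python
import math
from collections import Counter

# Assumed thresholds for the coarse labels (not from the talk).
LOW_ENTROPY_BITS = 1.0    # below this: padding / mostly one byte value
HIGH_ENTROPY_BITS = 7.0   # above this: compressed or encrypted data
PRINTABLE_RATIO = 0.9     # at least this fraction printable: treat as text


def ngrams(data: bytes, n: int) -> Counter:
    """Count all overlapping byte n-grams in data."""
    return Counter(data[i:i + n] for i in range(len(data) - n + 1))


def entropy_bits(data: bytes) -> float:
    """Shannon entropy of the byte (1-gram) distribution, in bits per byte."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((c / total) * math.log2(c / total)
                for c in Counter(data).values())


def classify_window(window: bytes) -> str:
    """Assign a coarse semantic label to one window of bytes."""
    h = entropy_bits(window)
    if h < LOW_ENTROPY_BITS:
        return "padding/zero"
    if h > HIGH_ENTROPY_BITS:
        return "compressed/encrypted"
    printable = sum(1 for b in window if 32 <= b < 127 or b in (9, 10, 13))
    if printable / len(window) >= PRINTABLE_RATIO:
        return "text"
    return "code/data"


def profile(blob: bytes, window: int = 256):
    """Return (offset, entropy, label, top_bigram) for each window of blob.

    Shrinking the window gives the finer view a semantic-zoom interface
    would show when the user drills into one region.
    """
    rows = []
    for off in range(0, len(blob), window):
        w = blob[off:off + window]
        top = ngrams(w, 2).most_common(1)
        rows.append((off, round(entropy_bits(w), 2), classify_window(w),
                     top[0][0] if top else b""))
    return rows


# Constructed sample blob: four 256-byte regions of different character.
HTTP_TEXT = (b"GET /index.html HTTP/1.1\r\nHost: www.example.test\r\n"
             b"User-Agent: probe\r\n\r\n" * 4)[:256]
SAMPLE = (b"\x00" * 256                 # zero padding
          + HTTP_TEXT                   # printable protocol text
          + bytes(range(256))           # uniform bytes, stands in for ciphertext
          + b"\x55\x48\x89\xe5" * 64)   # repeating opcode-like bytes


if __name__ == "__main__":
    for off, h, label, bigram in profile(SAMPLE):
        print(f"{off:#06x}  H={h:4.2f}  {label:21s}  top 2-gram={bigram.hex()}")
```

Used on a real capture or file, the per-window rows are what a visualisation would encode as colour and brightness along a timeline; the exact thresholds above should be tuned against known samples before trusting the labels.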