PI: Kwan-Liu Ma, University of California at Davis Project Period: 09/01/2007 - 08/31/2008 Project Summary For an organization to maintain trustworthy and normal operation of computing systems, one strategy is to closely monitor the traffic in and out of its networks for detecting anomalies, and responding to and tracking down attacks in a robust and timely manner. However, characterizing the communication activities and content across all network protocol layers, domains, and applications can result in vast amounts of information. Current representation and interpretation methods for such Internet-wide decentralized information are still quite rudimentary. Automated methods often fail to cope with the dynamic nature of the systems and operations. In order to drastically increase our capability to achieve cyber security, we propose to develop a new visualbased network traffic characterization technology with which massive data flows be intelligently summarized into visual forms that can be efficiently employed in subsequent analysis steps. The resulting visualization, often highly abstracted notion of the data, makes what hidden in the information of excessive scale perceivable. We will place our focus on the development of visual means and interaction methodologies coupled with machine learning for characterizing network traffic and connectivity information. Our study intends to use massive and exhaustive collections of session summary data provided by our collaborators at the Lawrence Livermore National Laboratory. Our research results will thus directly benefit working analysts. We would like to eventually incorporate such new visualization based approach into all facets of a cyber security information management system, assisted by our collaborators at the Intel Corporation,in order to drastically enhance the effectiveness, usability and extensibility of both reactive and proactive systems to fight malicious cyber attacks and abuse. This one-year project gives us the opportunity to work towards this direction.
