Closing the loop
Security Incident Fusion Tools (SIFT), a set of computer security visualization tools developed at NCSA by the Cluster Security Group, brings together the complementary strengths of humans—visual pattern discovery—and computers—pattern-matching—in large data sets. The result is a process loop that goes from collection and visualization of log data by the computer to pattern discovery by the human operator back to translation into a query/rule set that the computer can use to process raw data again, thus repeating the cycle. The resulting visualizations could, ultimately, be used to visually create firewall rules, automatically generate intrusion detection system rules, and create anomaly detection algorithms.

During its three years of support from NCASSR, the SIFT project has generated over 60 research papers and 10 security visualization software packages used in production environments worldwide. In 2004, SIFT organized the first International Workshop on Computer Security Visualization (VizSEC), in large part responsible for the creation of the new research field of security visualization. This year, the Third VizSEC workshop (VizSEC 2006) will focus on "Effective Internet Security Situational Awareness" and will be held in November at George Mason University in Fairfax, VA, chaired by SIFT principal investigator Bill Yurcik.

Screenshot of output of VisFlowConnect-IP, a security visualization tool which allows users to visually assess the connectivity of large and complex networks in a single window with drill-down views that provide more details on demand. VisFlowConnect-IP is a component of SIFT.




SELS 0.7 released
Secure Email List Services (SELS) is open source software for creating and developing secure email list services among user communities.
 
Strong community engagement strengthens cybersecurity research and development
NCASSR-supported exploratory research at NCSA and elsewhere has sparked additional external funding and development opportunities as well as successful deployment and adoption by users ranging from the defense sector to state law enforcement to the utilities industry.
 
NCASSR Collaborator Goes To Washington
Carl Gunter, a professor in the University of Illinois Department of Computer Science and a project lead on NCASSR-supported work involving adaptive, secure messaging, recently spoke to an audience of congressional staffers and lobbyists on Capitol Hill regarding ways to address a variety of critical cybersecurity issues in areas such as healthcare and energy distribution.