French Chapter

Know Your Tools: use Picviz to find attacks

christian.seifert — Thu, 26 Nov 2009 12:27:54 -0500

We are very excited to announce the publication of our first paper in the new Know Your Tools paper series: “KYT: use Picviz to find attacks” authored by Sebastien Tricaud from the French Chapter and Victor Amaducci from the University of Campinas.

The paper can be downloaded at Know Your Tools: use Picviz to find attacks.

Paper Abstract
Picviz is a parallel coordinates plotter which enables easy scripting from various input (tcpdump, syslog, iptables logs, apache logs, etc..) to visualize data and discover interesting aspects of that data quickly. Picviz uncovers previously hidden data that is difficult to identify with traditional analysis methods.

In the first paper of our new Know Your Tools series, Sebastien Tricaud from the French Honeynet Project Chapter and Victor Amaducci from the University of Campinas, focus on Picviz. After a brief overview on parallel coordinates, Picviz architecture, and installation procedure, three real-world examples are presented that illustrate how to identify attacks from large amounts of data: Picviz is used to analyze SSH logs, Apache access logs and network traffic. With these examples, it is demonstrated how Picviz can find attacks that previously have been hidden.

Recent additions to Picviz GUI have been made by Victor Amaducci under the mentorship of Sebastien Tricaud as part of the Google Summer of Code program 2009. The most recent version of Picviz is freely available for download from its project site at http://www.wallinfire.net/picviz and support can be sought from the Picviz mailing list at http://www.wallinfire.net/cgi-bin/mailman/listinfo/picviz..

French Chapter

Picviz 0.5 out

sebastien.tricaud — Sun, 25 Jan 2009 08:23:53 -0500

The new release 0.5 of Picviz is out. This version comes with real-time mode enabled (and adds the libevent dependency) among other things, such as new properties and variables. Get it from the usual place. What is Picviz?

When considering log files for security, usual applications available today either look for patterns using signature databases or use a behavioral approach. In both cases, information can be missed. The problem becomes bigger with systems receiving a massive amount of logs.

French Chapter

French Chapter - Chapter Status Report For 2008

sebastien.tricaud — Sat, 24 Jan 2009 17:42:05 -0500

ORGANIZATION

Changes in the structure of your organization.

Just like the phoenix, the French Honeynet project resurrected: thanks to attackers not taking any break, making us willing to understand what's going on. The project re-started in December 2008.

French Chapter

My usenix WASL 2008 slides are available

sebastien.tricaud — Mon, 8 Dec 2008 12:59:07 -0500

I gave a lecture on Picviz during the Usenix Workshop on the Analysis of System Logs (WASL 2008).

My slides 'Picviz: finding a needle in a haystack' are available right here.

I also ran for the Cray log analysis contest analysis. Slides of stuff I discovered are here.

French Chapter

About The Honeynet Project

drupal — Sun, 10 Aug 2008 20:54:48 -0400

Founded in 1999, The Honeynet Project is an international, non-profit (501c3) research organization dedicated to improving the security of the Internet at no cost to the public. With Chapters around the world, our volunteers are firmly committed to the ideals of OpenSource. Our goal, simply put, is to make a difference. We accomplish this goal in the following three ways.

Chicago Chapter