Research Maps Out Cybersecurity Threats

Feb. 6, 2013

It takes a sharp eye to catch a potential cyber threat on a computer network.

There’s an enormous amount of data to sift through. Normal and suspicious activity stream together from many different sources. Lines and lines of text-based activity reports must be read to detect threats.

Those reports aren’t easy for the human brain to process. Humans can more easily understand information when it’s translated into something visually familiar. Like a geographic map.

One example of what’s called a metaphorical map shows the relationship of  Worldwide Web sites. Clusters of similar sites are colored so that they look like countries. These clusters are laid out into what looks like a continental map.

The map helps to organize the information for quicker understanding of the types of sites on the Web.

In the world of cybersecurity, this method in real time could help security monitors quickly detect suspicious activity that can cripple a computer network.

Grant Funds Visualization System Research

That’s the foundation behind the work of University of Arizona engineering and computer science researchers who recently won a $3.6 million contract.

The grant from the Office of Naval Research is part of its Computer Network Defense and Information Assurance (CND/IA) project that studies ways to visualize malicious network activity.

“Visualizing this complex system requires the development of efficient data-gathering, filtering, storing, updating and eventually displaying mechanisms that would suppress normal network activities while highlighting suspicious traffic in real time," says UA associate professor Srinivasan Ramasubramanian, one of the grant researchers.

“A significant challenge in this research is using the visualization system for detecting and displaying ongoing attacks, which are otherwise left unnoticed when examining raw data logs or performing automated detection,” he says.


Other research team members are associate professors Christian Colberg and Stephen Kobourov and assistant professor Loukas Lazos.

They are the principal investigators of Netvue, the Network Visualization Engine project housed within the UA’s departments of Electrical and Computer Engineer and Computer Science.

Netvue’s real-time visualization system using metaphoric maps would become part of a distributed intrusion detection system that quickly identifies suspicious network activity such as intrusive port scans, denial-of-service attacks and topological attacks in mobile networks.

Tucson-based technology firm Ephibian, which provides software development, database, web and information security services, is an industry participant.

UA College of Engineering alumni founded Ephibian after working together on building management information systems for the U.S. Army. Those systems included elements of the milnet, the precursor to the internet.