Network Security Realm: A Cybersecurity Situational Awareness Visualization
Shane Zamora, Nichole Stockman, Arvin Faruque, Tobias Höllerer
(Above left: Three routers and their attached switches. The glowing cloud indicates the Internet. | Above right: A router with many switches and two firewalls.)
Network Security Realm (NSRealm) is a plugin-based 3D visualization tool for cybersecurity situational awareness developed for use in the UCSB AlloSphere, a three-story-tall immersive spherical display. NSRealm manages a 'space' that can be populated with datasets and network topologies, as well as various static geometric entities. It is being developed as part of a Department of Defense Multidisciplinary University Research Initiative (MURI) for Cybersecurity Situational Awareness with collaboration between UC Santa Barbara, UC Berkeley, and Georgia Tech.
Plugins are written to augment and annotate the networks that are being visualized so that their specific properties and their associated datasets may be better understood. These plugins can render their visualizations to a common viewport shared by all plugins or to their own viewport. NSRealm is currently implemented using OpenGL and C++ and includes support for accessing datasets stored in SQL databases using MySQL Connector. It also supports stereoscopic 3D and High Dynamic Range (HDR) rendering.
Three plugins have been developed so far. They include the following:
- SSH Request Visualization:
This plugin displays information from a dataset of SSH requests sent from and to a specific network. Colored spheres appear on a 3D model of the earth at the geographical locations of the source and destination computers. Each sphere's color is determined by whether the host is sending or receiving an SSH login request. As playback time moves past the moment an SSH request was made, the corresponding lit spheres move outward from the globe and fade until they disappear. This allows them to remain noticeable even at high playback speeds.
- Traffic Visualization:
The goal of this plugin is to show "light pulses" that travel along the connections between routers, switches and hosts in order to visualize the amount and type of traffic as it travels across the network. The pulses are lit according to the same color scheme as in the SSH Request Visualization plugin.
- Game Treemap Visualization:
Game theoretic abstractions are useful for understanding network security scenarios. This plugin lets a user "play" a simple game with the aid of treemap visualizations of the game's game tree, thus displaying all potential outcomes according to the user's move. The eventual goal of this plugin is to allow a user to make informed network configuration decisions with the help of treemap visualizations.