Reprinted Courtesy of ResearchGate
Researchers render cyberspace like a 3D video game to make identifying threats easier
Cybersecurity analysts may soon be able to travel through cyberspace like outer space and see attacks with the naked eye.
Humans are inherently attuned to potential threats around them, be it a rustle in the bushes or a car approaching an intersection. But increasingly, the threats we face aren’t physical—they’re digital, and it’s much harder to see them coming. That’s why Tim Bass and his team are working on a way to visualize cyber activity in three dimensions, helping security experts recognize attacks.
For more information and updates, visit Bass’s project on ResearchGate.
Bass is an independent cybersecurity consultant who rose to prominence advising the US military on cybersecurity issues in the 1990s. He teamed up with computer scientist Richard Zuech on ResearchGate to create a tool that shows cyberspace like outer space.
Users of the tool enter a three-dimensional world of color-coded dots that float in the dark like stars. In the prototype, the dots represent traffic to a website or server. Green and blue dots are regular website users, logged in or out respectively. Yellow dots are harmless bots, perhaps a search engine indexing the site. Red dots indicate a potential threat, a bot or user behaving suspiciously. Suspicious behavior could be anything from visiting restricted parts of a site to a huge number of failed login attempts.
Prototype shown with and without space scene graphics. While added graphics make the application more appealing, initial experiments suggest they may also distract analysts. Courtesy of Tim Bass.
Zooming through the visualization is a little like a playing a video game, and intentionally so. “Typically, defenders monitoring for attacks are looking at a bunch of logfiles, lines of text that report activity,” explains Zuech. “It’s really kind of boring to look at a logfile,” says Bass. “With a visualization, you can collaborate with someone on the other side of the world in the same cognitive space. You see things you wouldn’t otherwise see. And it’s more fun—analysts will actually pay more attention and want to spend more time on cyber security.” In testing, both Bass and Zuech found malicious activity, like bots disguised as mobile users clandestinely indexing a site, that might not have stood out using traditional techniques.
Bass and Zuech rely on human eyes and brains to recognize attacks because it would be easy for hackers to fool a program that detected them automatically. If intruders know what will trigger an alert, they can do so intentionally to create a diversion, and distract from other malicious activity. That’s why it’s important to get all the activity on a server, not just identified threats, in front of a human analyst, says Bass: “We need humans in the loop to identify new, unexpected patterns.”
The idea for the project originated when Bass was working as a military consultant. It occurred to him that objects in cyberspace could be tracked just as objects in airspace and outer space are. But it wasn’t until a decade after he retired, when he met Zuech, that he started building an application to make it happen. “He inspired me to come out of retirement and turn these ideas into reality,” said Bass. Zuech, who is pursuing a PhD in computer science at Florida Atlantic University, had cited Bass’s work. “One day I got an alert from ResearchGate that Tim Bass had read my survey paper,” he said. “To me, Tim was really a legend. I’d found his research so thought-provoking that I messaged him. He wrote back, and we started chatting. The next thing I knew, we were collaborating.”
Since then, the two have created a prototype and are working to improve it. They hope that one day, visualizations like theirs will be used by everyone from military analysts to corporate cybersecurity teams. “A lot of cybersecurity research has focused on the backend—writing better algorithms for AI, aggregation, clustering—but I consider the human element to be the most important,” says Bass. “As cyberspace grows faster than our ability to protect it, we need to find ways to make the most of that human cognitive ability.”
Reprinted Courtesy of ResearchGate: Researchers render cyberspace like a 3D video game to make identifying threats easier – 24th July 2017, by Katherine Lindemann