Welcome to

CEG7560 - Visualization and Image Processing for Cyber Security

AVIDA

 

First assignment:

Install and/or familiarize yourself with the VTK framework using the provided lecture material as a guideline. The VTK website is a good resource for examples and test data. Create a visualization of geo locations of IP addresses on a globe. Use the VTK class vtkGeoAssignCoordinates to convert from longitude/latitude to 3D locations, similar to this example.

Second assignment:

We believe an employee communicated with his/her handler(s) (a contact from the criminal network) through Flitter, however we do not know the Flitter name of the handler nor of the espionage organization. We believe that the associated network may take one of two forms of social structures:

A. The employee has about 40 Flitter contacts. Three of these contacts are his handlers, people in the criminal organization assigned to obtain his cooperation. Each of the handlers probably has between 30 and 40 Flitter contacts, and they share a common middle man in the organization, who we have code-named Boris. Boris maintains contact with the handlers, but does not allow them to communicate among themselves using Flitter. Boris communicates with one or two others in the organization and no one else. One of these contacts is his likely boss, who we've code-named Fearless Leader. Fearless Leader probably has a broad Flitter network (well over 100 links), including international contacts.

B. The employee has about 40 Flitter contacts. Three of these contacts are his handlers, people in the organization assigned to obtain his cooperation. Each of the handlers likely has between 30 and 40 Flitter contacts, and each probably has his or her own middle man in the organization, who we've code-named Boris, Morris and Horace. It is probable the middle men will not allow the handlers to communicate among themselves using Flitter. Each of the middle men probably communicates with one or two others in the organization, and no one else. One of the contacts for all of the middle men is the head of the organization, Fearless Leader. Fearless Leader has a broad Flitter network (well over 100 links), including international contacts.

In addition to the above, the two social structures have geospatial implications. While a target and handler may be in a large city, a middleman might be in nearby smaller locations. A leadership role, such as the one of Fearless Leader, would likely require a presence in a larger city.

Download dataset.

Reference: IEEE VAST mini challenge 2009
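The two hypothesized structures can be expressed as a degree-constrained pattern search over the contact graph. The following is an added example, not part of the course material or the challenge data: the node names and the padded sample network are constructed, and reading "one or two others" as a middle man's contacts beyond the handlers is an assumption.

```python
from collections import defaultdict
from itertools import combinations

def build_graph(edges):
    """Undirected contact graph: name -> set of contacts."""
    g = defaultdict(set)
    for a, b in edges:
        g[a].add(b)
        g[b].add(a)
    return g

def find_structures(g, employee, handler_deg=(30, 40), leader_min=100):
    """Return (form, handlers, middlemen, leader) tuples matching form A or B."""
    lo, hi = handler_deg
    handlers = sorted(h for h in g[employee] if lo <= len(g[h]) <= hi)
    leaders = sorted(n for n in g if len(g[n]) > leader_min)
    hits = []
    for trio in combinations(handlers, 3):
        # Handlers are not allowed to talk to each other directly.
        if any(b in g[a] for a, b in combinations(trio, 2)):
            continue
        for leader in leaders:
            # Middle man: besides handlers, only one or two links, one being the leader.
            def is_middle(m):
                others = g[m] - set(trio)
                return leader in others and len(others) <= 2
            mids = [sorted(m for m in g[h] if is_middle(m)) for h in trio]
            # Form A: a single middle man shared by all three handlers.
            for m in sorted(set(mids[0]) & set(mids[1]) & set(mids[2])):
                hits.append(("A", trio, (m,), leader))
            # Form B: each handler has a middle man linked to no other handler.
            solo = [[m for m in ms if len(g[m] & set(trio)) == 1] for ms in mids]
            if all(solo):
                hits.append(("B", trio, tuple(s[0] for s in solo), leader))
    return hits

def sample_edges(form):
    """Constructed network (not the challenge dataset), padded with filler contacts."""
    e = [("emp", f"h{i}") for i in range(3)]
    e += [("emp", f"emp_c{i}") for i in range(37)]          # employee: 40 contacts
    for i in range(3):                                      # each handler: 35 contacts
        e += [(f"h{i}", f"h{i}_c{j}") for j in range(33)]
    e += [("leader", f"intl{i}") for i in range(120)]       # leader: well over 100
    if form == "A":
        e += [(f"h{i}", "boris") for i in range(3)] + [("boris", "leader")]
    else:
        e += [p for i, m in enumerate(["boris", "morris", "horace"])
              for p in ((f"h{i}", m), (m, "leader"))]
    return e
```

On real data the degree bounds should be loosened, since the description gives them only as approximate ("about", "probably"), and the surviving candidates can then be ranked using the geospatial hints above.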

Third assignment:

Develop a video visualization for the provided security video feeds video1 and video2. Before the visualization step, preprocess the videos by using background subtraction and other suitable steps to eliminate as much unneeded information as possible for a cleaner final visualization.

Reference: IEEE VAST mini challenge 2009

Final project:

All Freight Corporation is a U.S. company that provides a range of shipping services, focusing on long haul and large-inventory commercial cargo. All Freight started as a regional shipping provider but over time has expanded to providing shipping services throughout the entire United States. Whereas expansion plans call for expanding their transportation options to include air transportation, All Freight currently ships freight exclusively via trucks.

To support its business, All Freight operates a corporate computer network. A computer network operations (CNO) group at All Freight is responsible for managing all aspects of the corporate network. This includes system administration tasks, so that All Freight can conduct business (e.g., managing customer accounts, operating a web interface that allows customers to book orders directly, and scheduling truck routes). Lately, with increased public awareness of cyber attacks, the CEO of All Freight has also asked you, as technical lead of the CNO, to improve the overall situation awareness of the corporate network. The CEO thinks that situation awareness will help in managing daily operations as well as ensuring computer security. This new cyber situation awareness project will be an added duty for the CNO team; no new hires are authorized to cover additional workload. As the technical lead, you are tasked to develop a situation awareness interface that will give insight as quickly and clearly as possible in order to minimize the burden on the CNO team. The interface should integrate essential information to enable comprehension at a glance.

These datasets are provided as possible input to the situation awareness interface:

  • A file describing the computer network architecture - This documentation includes a list of priority computers. These high priority nodes are essential to All Freight's ability to conduct business.
  • Security policy rules
  • A firewall log
  • An IDS log

Download dataset 1 and dataset 2.

Reference: IEEE VAST mini challenge 2011

Last modified Wednesday April 20, 2016
thomas.wischgoll@wright.edu