RE: [logs] security animation - datamining experiment

From: Solomon, Frank (sysfrankat_private)
Date: Wed Feb 12 2003 - 04:03:31 PST


    Tom,

    That's a pretty neat animation.  Definitely looks better in QT than in
    Real Player though.

    I'm sort of curious.  What resource did you use to map the IP numbers
    back to geographic locations?

    Frank Solomon
    University of Kentucky
    http://www.franksolomon.net

    "When you get as old as I am, you start to realize that you've told
    most of the good stuff you know to other people anyway."
    --Richard Feynman
    
    -----Original Message-----
    From: Tom Perrine [mailto:tepat_private] 
    Sent: Tuesday, February 11, 2003 2:47 PM
    To: loganalysisat_private
    Subject: [logs] security animation - datamining experiment
    
    *** PGP Signature Status: good 
    *** Signer: Tom Perrine (Invalid) 
    *** Signed: 2/11/2003 2:46:21 PM 
    *** Verified: 2/12/2003 6:45:18 AM 
    *** BEGIN PGP VERIFIED MESSAGE *** 
    
    Yesterday I posted on our web pages our first animation of a long-term
    log analysis. This is a mini-data-mining experiment that I hope you'll
    like and find interesting. If nothing else, it should spark some
    discussions about analysis :-)

    It's an animation derived from all of our syslog records from 12/1996
    through 12/2002, showing all the connections into SDSC.EDU from non-US
    sources. Since we have almost no non-US users, this is a simple way to
    try to characterize "intent". We started with 3.4 billion records, and
    filtered/mined down to about 1 million or so. Details of the data and
    analysis methodology are on the web page.

    If you run the animation slowly, you will perhaps see the Internet
    moving into Eastern Europe in the late 90's, and some real spikes from
    Canada, Mexico, Brazil, Portugal, etc. I'm still not sure *exactly*
    what I'm seeing in this animation :-), but it's a start at visualizing
    "security".

    Enjoy. The animation is off our main security web page at:
    http://security.sdsc.edu/

    --
    Tom E. Perrine | San Diego Supercomputer Center
    http://www.sdsc.edu/~tep/ |
    
    *** END PGP VERIFIED MESSAGE *** 
    _______________________________________________
    LogAnalysis mailing list
    LogAnalysisat_private
    http://lists.shmoo.com/mailman/listinfo/loganalysis 



    This archive was generated by hypermail 2b30 : Wed Feb 12 2003 - 11:17:57 PST