- About us
- Code of Conduct
- Google SoC
- Recent posts
- Security Workshops
French chapter achieved its reorganization in 2011.
First founded by Sebastien Tricaud, it is now co-led by both Sébastien Tricaud and Guillaume
In 2011, we welcomed a new member: Franck Guénichot, one of the Forensic Challenges best
We've also set new status and attribution among members:
We are very excited to announce the publication of our first paper in the new Know Your Tools paper series: “KYT: use Picviz to find attacks” authored by Sebastien Tricaud from the French Chapter and Victor Amaducci from the University of Campinas.
The paper can be downloaded at Know Your Tools: use Picviz to find attacks.
Picviz is a parallel coordinates plotter which enables easy scripting from various input (tcpdump, syslog, iptables logs, apache logs, etc..) to visualize data and discover interesting aspects of that data quickly. Picviz uncovers previously hidden data that is difficult to identify with traditional analysis methods.
In the first paper of our new Know Your Tools series, Sebastien Tricaud from the French Honeynet Project Chapter and Victor Amaducci from the University of Campinas, focus on Picviz. After a brief overview on parallel coordinates, Picviz architecture, and installation procedure, three real-world examples are presented that illustrate how to identify attacks from large amounts of data: Picviz is used to analyze SSH logs, Apache access logs and network traffic. With these examples, it is demonstrated how Picviz can find attacks that previously have been hidden.
Recent additions to Picviz GUI have been made by Victor Amaducci under the mentorship of Sebastien Tricaud as part of the Google Summer of Code program 2009. The most recent version of Picviz is freely available for download from its project site at http://www.wallinfire.net/picviz and support can be sought from the Picviz mailing list at http://www.wallinfire.net/cgi-bin/mailman/listinfo/picviz..
The new release 0.5 of Picviz is out. This version comes with real-time mode enabled (and adds the libevent dependency) among other things, such as new properties and variables.
Get it from the usual place.
What is Picviz?
When considering log files for security, usual applications available today
either look for patterns using signature databases or use a behavioral
approach. In both cases, information can be missed. The problem becomes
bigger with systems receiving a massive amount of logs.
Just like the phoenix, the French Honeynet project resurrected: thanks to attackers not taking any break, making us willing to understand what's going on. The project re-started in December 2008.
I gave a lecture on Picviz during the Usenix Workshop on the Analysis of System Logs (WASL 2008).
My slides 'Picviz: finding a needle in a haystack' are available right here.
I also ran for the Cray log analysis contest analysis. Slides of stuff I discovered are here.
The Honeynet Project is a leading international 501c3 non-profit security research organization, dedicated to investigating the latest attacks and developing open source security tools to improve Internet security. With Chapters around the world, our volunteers have contributed to fight against malware (such as Confickr), discovering new attacks and creating security tools used by businesses and government agencies all over the world.