ECE: Electrical & Computer Engineering
ECE News


IT Security Lab

The IT Security Laboratory at Virginia Tech tests computer hardware and software for vulnerabilities, provides a testing facility for cooperative research, and actively monitors cyber intrusions and incidents at Virginia Tech.

Coping with information overload with visualization


A real-time visualization of computers probing or attacking the Virginia Tech computer network.

Information overload is the number one issue facing analysts who must monitor large amounts of data, according to ECE's Joe Tront, who is working on a team to create a visualization system for data management. "Most people simply discard portions of the information until it reaches a manageable level, but this means that vital information may be discarded — leading to incorrect conclusions," he said. Observing the activity of computer security attacks is particularly difficult because the perpetrators are purposely obscuring the way in which they execute their attacks.

Tront is working with Virginia Tech’s Information Security Laboratory director Randy Marchany and graduate students Will Urbanski, Mathew Dunlop, and Stephen Groat to develop the Converged Security Visualization Tool (Cover-VT). Cover-VT is a web-based application that shows a visual representation of the big picture for a set of data, letting the analyst see trends in the data. The analyst can then zoom in on any area to see more details — as much detail as is contained in the raw data. There are also filtering tools to help sift through the data.

Cover-VT is designed for analyzing many kinds of data, but the initial application is network security. Using an instance of Google Earth, Cover-VT can map the IP addresses responsible for attacks on a network to their geographic locations.

Other possible applications for Cover-VT include law enforcement and analysis of social networking. In a hostage situation, Tront explained, identifying the mobile networked devices in a locked-down facility could suggest how many hostages are being held. Theft tracking and social networking predictions are a couple of the other uses for the tool.