Date:31 July 2017
Cyber security analysts may soon be able to travel through cyber space like outer space and see attacks with the naked eye.
Humans are inherently attuned to potential threats around them. Whether it’s a rustle in the bushes or a car approaching an intersection. But increasingly, the threats we face aren’t physical—they’re digital, and it’s much harder to see them coming. That’s why Tim Bass and his team are working on a way to visualise cyber activity in three dimensions, helping security experts recognise attacks.
For more information and updates, visit Bass’s project on ResearchGate.
Bass is an independent cyber security consultant who rose to prominence advising the US military on cybersecurity issues in the 1990s. He teamed up with computer scientist Richard Zuech on ResearchGate to create a tool that shows cyber space like outer space.
The cyber space visualisation tool
Users of the tool enter a three-dimensional world of colour-coded dots that float in the dark like stars. In the prototype, the dots represent traffic to a website or server. A regular website user can be identified by a green or blue dot. The dots respectively indicate their logged in or out status. Yellow dots are harmless bots, perhaps a search engine indexing the site. Red dots indicate a potential threat, a bot or user behaving suspiciously. Suspicious behaviour could be anything from visiting restricted parts of a site to a huge number of failed login attempts.
Prototype shown with and without space scene graphics. While added graphics make the application more appealing, initial experiments suggest they may also distract analysts. Courtesy of Tim Bass.
Zooming through the visualisation is a little like a playing a video game, and intentionally so. “Typically, defenders monitoring for attacks are looking at a bunch of logfiles, lines of text that report activity,” explains Zuech. “It’s really kind of boring to look at a logfile,” says Bass. “With a visualisation, you can collaborate with someone on the other side of the world in the same cognitive space. You see things you wouldn’t otherwise see. And it’s more fun—analysts will actually pay more attention and want to spend more time on cyber security.”
In testing, both Bass and Zuech found malicious activity, like bots disguised as mobile users clandestinely indexing a site. This might not have stood out using traditional techniques.
Bass and Zuech rely on human eyes and brains to recognise attacks. This is because it would be easy for hackers to fool a program that detected them automatically. If intruders know what will trigger an alert, they can do so intentionally to create a diversion, and distract from other malicious activity. That’s why it’s important to get all the activity on a server, not just identified threats, in front of a human analyst, says Bass: “We need humans in the loop to identify new, unexpected patterns.”
The idea for the project originated when Bass was working as a military consultant. It occurred to him that objects in cyber space could be tracked just as objects in airspace and outer space are. But it wasn’t until a decade after he retired, when he met Zuech, that he started building an application to make it happen. “He inspired me to come out of retirement and turn these ideas into reality,” said Bass. Zuech, who is pursuing a PhD in computer science at Florida Atlantic University, had cited Bass’s work. “One day I got an alert from ResearchGate that Tim Bass had read my survey paper,” he said. “To me, Tim was really a legend. I’d found his research so thought-provoking that I messaged him. He wrote back, and we started chatting. The next thing I knew, we were collaborating.”
Since then, the two have created a prototype and are working to improve it. They hope that one day, visualisations like theirs will be used by everyone from military analysts to corporate cyber security teams. “A lot of cyber security research has focused on the backend—writing better algorithms for AI, aggregation, clustering—but I consider the human element to be the most important,” says Bass. “As cyberspace grows faster than our ability to protect it, we need to find ways to make the most of that human cognitive ability.”