Michael

Christian

My Weekly Journal


Week 1

I arrived at The University of Texas at Dallas this week. I met my roommate for the summer; his name is Carlos and he attends UAC in Chicago. We will be working with Professor Alvaro Cardenas here at UTD. I learned that I will be working with intrusion detection systems for the summer and possibly creating some visualizations. We were handed a paper written by Professor Cardenas titled "Cyber Security Basic Defense and Attack Trends".

Week 2

This week we were asked to get Security Onion installed on our computers and get a feel for the various applications within the program. I set up Security Onion in a virtual box on Mac OS X.

Week 3

Week three was a pretty busy week. We had two meetings this week, Tuesday and Thursday, which is now our set time to meet with the professor. Professor Cardenas assigned us a four-page paper to write on Bro; after spending so much time on Bro, the paper actually went smoothly. We also received word that we will be visiting the UTD security information center to see how they incorporate Splunk. Splunk is a visualization tool that we will be using to do our visualizations displaying our 1 TB of data we are getting from a company in Dallas, TX. Since I have been in Texas I have noticed a few restaurants that I've only heard of. This week I decided to check out Whataburger, which is a burger joint that is only in 10 states at the moment. I ordered the double Whataburger with fries and a drink. The first two words that come to mind when trying to describe the burger are HUGE and DELICIOUS. I would definitely recommend this restaurant to friends.

Week 4

We are now exploring dashboards used to interact with intrusion detection systems. One that we are taking a real close look at is Snorby and the feasibility of integrating it with Bro. Snorby is a Ruby on Rails web application for network security monitoring that interfaces with current popular intrusion detection systems (Snort, Suricata and Sagan). We also downloaded a sixty-day trial version of Splunk since we will be using that for visualization. On another note, I didn't get a chance to try any new restaurants this week, but the next one will be Raising Cane's, which is famous for their chicken fingers.

Week 5

This week we went more in depth with Splunk. We read "Exploring Splunk" by David Carasso and then we created a PowerPoint to present for Thursday's meeting. We also took a look at the VAST Challenge 2013: Mini-Challenge, which deals with a network security dataset of the fictitious Big Marketing Company. We are trying to see if we could complete the challenge with the tools we have learned so far via Bro, Splunk, Snorby, etc.

I have also started playing basketball in my free time. I like to think I'm pretty good seeing that I did play some college ball. There are a lot of people around here that play ball regularly so it makes for good competition.

Week 6

This week we received our data and have begun the first stages of our actual project. I wrote a Python script to read all of the PCAP files and provide all of the log files for later analysis. In total there are about 200 gigs of data, which is more than I've ever considered processing at once, but I guess in the "real world" this is to be expected. We had our usual meeting on Tuesday where we discussed our progress and collaborated on our findings. I have also started working with Scapy, which is a packet manipulation tool for computer networks written in Python. I have enjoyed this week because the goal has been clear and I feel like progress is being made. I can kind of compare it to a test. In the previous weeks it has been like studying, where you hope you have everything covered; even though you do all the homework, you're wondering if the teacher will try to trip you up on the test, so you cover extra material. This week has been like the test: when the teacher hands out the test you instantly know if you're good (you studied the right things) or if you will be the last one leaving (you didn't study enough). In this case we were led in the right direction and everything is going smoothly. On another note, I had a chance to witness one of the most exciting games in the World Cup (my opinion). Usually there's not a lot of scoring in soccer, but in the Brazil vs. Germany game there was plenty of scoring going on (by the Germany team).

Week 7

This week I am still analyzing the data from the PCAP files. During our weekly meeting we were instructed to create a connection matrix to track the IP communication. Thursday we visited the UTD Security Operations Center. The security team put together a pretty extensive PowerPoint presentation for us. They covered some security programs that are being used in the real world and some that they are currently using to secure UTD. Some of these programs we are using in our research now. They also gave us some pointers on what to expect in the real world when attempting to break into the workforce. Overall it was a very informative meeting and I left feeling like what we are learning now will be put to use one day.

Week 8

This week we presented the data we analyzed last week. We completed the connection matrix for the IPs in the Bro conn.log. We also set up a GitHub account and repository so now collaboration is much easier. After spending some time discussing our findings we were instructed to create graphs to display parts of the data. My job is to create a graph showing which external IPs are communicating with the host IP address and how many times they make a connection.

Week 9

Week 9 is upon us and now time seems to really be moving fast. This week we made more visualizations; my task was to create a chart to show the connections between the host server and external IP addresses along with the number of connections between the two. The chart gave us a broad overview of the communication of the host server, and a little insight into how the network looked. I created the display using D3, which is a JavaScript library for manipulating data based on data.

Week 10

Week 10 is here! Even though the end of our 10 weeks is only a few days away, the work will definitely continue. This week we attempted to wrap things up with charts and finishing the paper. I was instructed to construct a hive plot to display the Modbus and non-Modbus connections. I started by researching the topic and found a program called Cytoscape along with the R language, and that's what I used to attempt to get the hive plot working correctly. Due to time I will be working on the hive plot from home.
