Snort IDS Noise 10000 Alerts

Here is a quick end-of-year update on my 2016 cyberspace situational awareness (CSA) research projects:

(1) Rebooted my cyberspace situational awareness research in mid 2016, based in part on discovering over 1000 scholarly references to my work (in this area) on Google Scholar.

(2) Surveyed the literature above and updated ResearchGate.

(3) Initiated research collaborations with a number of people who contacted me on ResearchGate and LinkedIn after the update.

(4) Revised and updated my legacy CEP blog to focus on CSA.

(5) Reviewed hundreds of peer-reviewed papers related to cyberspace situational awareness and network security situational awareness and posted sample citations (for reference) to my prior work on my blog.

(6) After completing my orientation on the state-of-the-art of CSA R&D, made the decision to focus my current research on:

a. Representing cyberspace as a union of graphs.

b. Graph processing.

c. Graph visualization.

(7) Drafted an initial presentation on Cyberspace Situation Graphs and made the draft publicly available on ResearchGate.

(8) Evaluated many state-of-the-art graphing engines in the context of representing cyberspace graphically.

(9) Made the decision to focus on JSON to serialize the objects and to serialize object-bases for transmission and storage of objects and object-bases between computers and on storage media.

(10) Experimented with graphing engines using the Unix/Linux netstat command as a software sensor, parsing, clustering and enriching the raw sensor data with PHP scripts, and representing this with various graphing engines. Published a number of rough video captures of these experiments.

(11) Made the decision to focus my current experiments on visualizing cyberspace using D3.js and processing the raw server-side sensor data with PHP.

(12) Submitted a draft paper to the CACM for peer review based on discussions with, and encouragement from, ResearchGate collaborator and PhD student Rich Zuech.

(13) Evaluated Leap Motion for manipulating D3 graphs. Discovered I'm not very good at hand-waving gestures in mid-air to control zoom, pan, select and click. Shelved the LEAPer.

(14) Experimented with visualizing Snort IDS alerts as a software sensor and representing this sensor data with various D3 layouts. Published a number of video captures of these experiments.

(15) Rejected a number of proposals and vague offers to work commercially in both the US and in Asia.

(16) Wrote thousands of lines of server-side PHP code and butchered a lot of client-side JavaScript.

(17) Annoyed a lot of people on LinkedIn with my constant CSA status updates.

(18) Exasperated Retired MG Dale Meyerrose in his efforts to update the USAF history books regarding the Langley Cyber Attacks by insisting the most significant outcome of this historic event was our follow-up work on cyberspace situational awareness and cyberspace as the 5th dimension of warfare.
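Items (9), (10) and (14) describe one pipeline: a software sensor (netstat or Snort) produces raw text, a server-side script parses and clusters it, and the result is serialized as JSON for a D3 layout. The block below is an added example of that pipeline for the Snort case; it is not the author's PHP code and is written in JavaScript (the language D3 consumes) rather than PHP. The alert lines are constructed samples in Snort's alert_fast format, with made-up IPs, ports and a made-up LOCAL signature; the {nodes, links} shape is an assumption matching what a D3 force layout with forceLink().id(d => d.id) expects. The point of the clustering step is the "10000 alerts" problem in the title: repeated alerts collapse into one weighted edge, and the summary shows which few signatures generate the noise.

```javascript
// Added example (not the author's PHP): parse Snort alert_fast lines into a
// D3-ready {nodes, links} graph, collapsing repeated alerts into weighted edges.

// Constructed sample alerts in Snort's alert_fast format. IPs, ports and the
// LOCAL signature are made up for illustration; they are not real sensor data.
// The last line is deliberate garbage to show that bad input is skipped.
const SAMPLE_ALERTS = [
  "12/28-14:03:12.123456  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.1.10:80 -> 10.0.0.5:51234",
  "12/28-14:03:12.223456  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.1.10:80 -> 10.0.0.5:51235",
  "12/28-14:03:13.000001  [**] [1:384:5] ICMP PING [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.5 -> 192.168.1.10",
  "12/28-14:03:14.500000  [**] [1:1000001:1] LOCAL scan probe [**] [Priority: 2] {TCP} 10.0.0.7:40000 -> 192.168.1.10:22",
  "garbage line that should be skipped",
];

// One alert_fast line: timestamp [**] [gid:sid:rev] msg [**] [Classification: ...]
// [Priority: N] {PROTO} src[:sport] -> dst[:dport]. The Classification field is
// optional (rules without a classtype omit it) and ports are absent for ICMP.
const ALERT_RE = /^(\S+)\s+\[\*\*\]\s+\[(\d+):(\d+):(\d+)\]\s+(.*?)\s+\[\*\*\](?:\s+\[Classification:\s*([^\]]+)\])?\s+\[Priority:\s*(\d+)\]\s+\{(\w+)\}\s+(\S+?)(?::(\d+))?\s+->\s+(\S+?)(?::(\d+))?\s*$/;

function parseAlert(line) {
  const m = ALERT_RE.exec(line.trim());
  if (!m) return null; // unparsable line: skip it rather than abort the whole batch
  return {
    ts: m[1],
    gid: Number(m[2]), sid: Number(m[3]), rev: Number(m[4]),
    msg: m[5],
    classification: m[6] ?? null,
    priority: Number(m[7]),
    proto: m[8],
    src: m[9], sport: m[10] === undefined ? null : Number(m[10]),
    dst: m[11], dport: m[12] === undefined ? null : Number(m[12]),
  };
}

// Cluster alerts into a graph: hosts are nodes, (src, dst, signature) triples
// are edges, and the edge weight is how many raw alerts collapsed into it.
function buildGraph(lines) {
  const nodes = new Map(); // ip -> node
  const links = new Map(); // "src|dst|gid:sid" -> link
  let parsed = 0, skipped = 0;
  const host = (ip) => {
    if (!nodes.has(ip)) nodes.set(ip, { id: ip, type: "host", alerts: 0 });
    const n = nodes.get(ip);
    n.alerts += 1;
    return n;
  };
  for (const line of lines) {
    const a = parseAlert(line);
    if (!a) { skipped += 1; continue; }
    parsed += 1;
    host(a.src);
    host(a.dst);
    const key = `${a.src}|${a.dst}|${a.gid}:${a.sid}`;
    if (!links.has(key)) {
      links.set(key, { source: a.src, target: a.dst, sig: `${a.gid}:${a.sid}`,
                       msg: a.msg, proto: a.proto, priority: a.priority,
                       count: 0, ports: new Set() });
    }
    const l = links.get(key);
    l.count += 1;
    if (a.dport !== null) l.ports.add(a.dport); // keep the distinct targeted ports
  }
  return {
    nodes: [...nodes.values()],
    // Sets do not survive JSON.stringify, so emit ports as a sorted array.
    links: [...links.values()].map(l => ({ ...l, ports: [...l.ports].sort((x, y) => x - y) })),
    parsed, skipped,
  };
}

// Rank signatures by raw alert count across all edges: with noisy rules this is
// where most of the alerts turn out to come from a handful of sids.
function noiseSummary(graph) {
  const bySig = new Map();
  for (const l of graph.links) {
    const e = bySig.get(l.sig) ?? { sig: l.sig, msg: l.msg, count: 0, edges: 0 };
    e.count += l.count;
    e.edges += 1;
    bySig.set(l.sig, e);
  }
  return [...bySig.values()].sort((a, b) => b.count - a.count);
}

// Stand-alone run: emit the JSON a D3 page would fetch, plus the noise ranking.
const graph = buildGraph(SAMPLE_ALERTS);
console.log(JSON.stringify({ nodes: graph.nodes, links: graph.links }, null, 1));
console.log(noiseSummary(graph));
```

On real output the same code runs over the whole alert file; the link count field is what a D3 layout can map to stroke width, and the noiseSummary ranking is the first thing to look at before tuning or suppressing the rules that dominate it.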

As far as I can recall, that's about all the CSA damage I did in 2016. It's now time to begin to think about what aspects of CSA I will focus on in 2017 and who to annoy with my updates and exasperate with my worldviews.

More on this later ….

Special 2016 Acknowledgements:

Rich Zuech – Brainstorming, encouragement and collaboration.

Rob Meyer – Brainstorming and pointing me toward graph theory and big data analytics.

Robert Camp – Brainstorming and Beer.

Naruemon Saweangphon – Patience, Laughing, Sincerity, Delicious Thai Food.