Entries by Robert Gove

Graph Layout by Random Vertex Sampling

What do you do if you need to visualize a large graph with hundreds of thousands or millions of vertices? Force-directed graph layouts are a good, general-purpose way to see the structure of a graph, but the algorithms can take several hours to run on such large graphs. I propose a new way to speed […]

Visualizing Automatically Detected Periodic Network Activity

A major challenge in network security is identifying malicious activity among all of the non-malicious activity. Studies on malware find that many malware families generate periodic network traffic, such as pinging a command and control server. However, a lot of non-malicious software also generates periodic network activity, such as keepalive messages to keep connections open. In […]

6 Ways to Visualize Graphs

Graph datasets are everywhere, and whether you call them graphs or networks, visualizing them is a challenging problem. In some sense, graph visualizations take an n-dimensional dataset and visualize it in two dimensions. (Or three dimensions, but that’s a debate for another day.) It might seem like we are losing a lot of information, but […]

V3SPA: An Open Source Tool for Visually Analyzing and Diffing SELinux/SE for Android Security Policies

SELinux and SE for Android can be a crucial part of securing a system, but the size and complexity of SELinux security policies make them challenging for security policy administrators to develop and maintain. For example, the sesearch utility shows 94,420 allow rules in the 20141203 version of the Tresys reference policy. To address these challenges, we […]

Invincea Labs publishes two malware visual analysis papers at VizSec 2014

Invincea Labs’s research engineers published two papers in this year’s proceedings of Visualization for Cyber Security (VizSec). The papers describe research that the authors and their teammates performed on DARPA’s Cyber Genome program for performing malware analysis at scale. In the first paper, Robert Gove and his coauthors describe their work on the Similarity Evidence […]