Design to discover: security analytics with 3D visualization engine

Friday 26 September 12:00 - 12:30, Green room.

Thibault Reuille, OpenDNS
Dhia Mahjoub, OpenDNS

This paper is available online (HTML, PDF).

When predicting and containing malware or botnet infections, we can draw some ideas from studies of disease epidemics.

The malware research community has long dedicated its expertise to dissecting malware binaries and examining footprints on victim systems. In terms of the disease analogy, this means studying the disease and the patient in an isolated environment.

Using the same analogy, our approach is different. Instead of studying the diseases themselves, we study a collective pool of victims (patients) and the behaviour of bad actors (diseases). We have built mathematical and statistical models for identifying the correlations of symptoms/IOCs (Indicators of Compromise), which help to further pinpoint unknown bad actors. Our data-driven analytical models help us extend intelligence incrementally, starting from an initial event.

At the same time, intelligence exploration can be greatly assisted with a sophisticated visualization engine, as the simple truth is that a picture is worth a thousand words. We will introduce our in-house-developed OpenGL visualization engine that supports large-scale data 3D graphing and interactive intelligence searching. In our presentation, we will have a number of 3D demos to accompany our use cases and some very interesting ways of looking at data and intelligence. The design of the system facilitates an improved user experience for our day-to-day intelligence researchers.


Thibault Reuille

Thibault Reuille is a security researcher at OpenDNS, Inc. His research is mainly focused on big data visualization. At a very young age, Thibault fell in love with the demoscene and everything related to computer-generated art. He started to teach himself 3D graphics and went to the EPITA school in Paris, France. He later joined the LSE, the computer security laboratory, for a total period of four years, where he spent a lot of time breaking everything he could. He built up a solid knowledge of reverse engineering, pen-testing, secure programming, exploit writing and many other (in)security-related techniques. After obtaining his Master's degree in 2010, Thibault decided to move to California and accepted a position at Nvidia Corporation. This is where he had the chance to refine his 3D graphics knowledge and to dig deep inside the GPU mechanisms and the OpenGL API. He stayed at Nvidia for four years. Finally, Thibault found a new job at OpenDNS Inc. as a security researcher and has been working there since June 2013. He is developing a 3D engine capable of rendering large amounts of data and extracting intelligent patterns from it using advanced graph theory. He believes the combination of visualization, distributed computing and machine learning is the key to taking computer intelligence to the next level. Thibault has presented at several conferences including: CanSecWest Vancouver (March 14, 2014), BSides SF (February 23, 2014) and BayThreat 4 (December 6, 2013).


Dhia Mahjoub

Senior Security Researcher at OpenDNS, Dhia Mahjoub works on research and development problems involving DNS, security, big data analysis and networks. He focuses on building fast predictive threat detection systems based on the monitoring and analysis of traffic and hosting infrastructures. Dhia holds a Ph.D. in computer science from Southern Methodist University, Dallas with a specialty in graph theory applied to wireless sensor networks. He has a background in computer networks and enjoyed writing sniffers and port scanners. Dhia has presented his research at BSides NOLA, APWG eCrime, BSides Raleigh, BotConf, BSides San Francisco, ISOI 13, SOURCE Boston and BSides NOLA. He is also a member of the non-profit security research group MalwareMustDie, helping track botnets and other malicious sources on the Internet.


