Visualization of Information Trade Wars

Practising Information Warfare In Cyberspace

Presented at InfoWarCon95, Washington,D.C.
September 1995

Stuart Rosenberg
Jo Seiler


Core War is used to demonstrate how we took existing fighting programs, and created a visual model of information warriors. In transferring the experiences of the Core War project to the real world, we have defined another model closer to real-time information exchange as a platform for our visual information warriors.

Using the Internet as an accessible working environment we integrated our concepts by creating a functional model of a simulated economy. Our experimental entity, West Bank Industries, is created as a secure system to visually monitor internal patterns of information flow.

The importance of this visualization is clear, the mechanisms of infiltration programs must be analyzed in real time to develop immediate defensive response.

1. Introduction

Increased flow of digital information over international electronic networks has produced many new applications and techniques for the protection of local data. The use of real time visualization as a defensive measure against outside intruders, offers an alternative safeguard to the securing of information flow.

A visual environment must interpret the methods of internal processes and that of possible offenders who use computer networking as their medium of attack. A well known means of offense is that of computer virus programming, its proven as the most feared weapon from inside electronic information systems. Using the Internet game Core War as a testing ground for visualizing computer based combat, the experiences have been applied to a real world simulation.

2. Core War as a model for info warriors

2.1 About Core War

Core War was originally conceived in 1984 by A.K.Dewdney at the University of Western Ontario, Canada. It is based upon the concept where two or more computer virus programs battle each other in an enclosed virtual battle zone. The warriors are written in a specified assembly language called "redcode" and the battles are run in a virtual battle zone called MARS. The object of the game is to cause all the opposing programs to terminate, leaving one program in sole possession of the machine.

It is played over the Internet with worldwide participants. The warrior programs consist of single lines to hundreds of code line instructions. The complexity of warrior programs has increased during the past years making it very difficult, unless completely immersed in the game, to understand a warriors strategies.

At the time this research began, the existing visualization software didn't fit the need of a quick real time interpretation of running battles. By adapting the shareware source code of Mac PMars by Ma, Sieben, Strack, and Wangsaw, a new layer of visualization functions was created. An extendible graphic language was defined using three syntactical elements: a pulsing square for executing processes, a spinning square for processes crawling through memory, and arrows for bombing instructions. Even with these few key elements complex warrior structures can easily be analyzed in real time.

Fig1. Original PMars Visualization

What we see here is the traditional visualizuation of Core War battles. Core War is a simulated computer with a circular memory. Each memory address is represented as a dot in this window. The standard memory size is of 8000 addresses. In the beginning of a CoreWar battle, warrior programs are loaded to random memory positions and once the battle starts, every warrior program executes one function and then turns over to the other.

The example shows a fight between to standard warrior programs Dwarf and Gemini Cannon. The actions of Dwarf are represented as black on white and the actions of Gemini Cannon vice versa.

As seen, not every memory location is represented as a dot. There are several symbols representing the state of memory. For example the slash means that this address of memory was filled by one of the two processes, so black slashes mean, it was filled by Dwarf and white slashes on black background represent the memory changes caused by Gemini Cannon. Blocks show locations, where code has been executed. Gemini Cannon has lots of blocks, meaning that there are several no connective memrory locations, where code has been executed. On the other hand, Dwarf has only a short segment of memory, where it executes code.

Fig 2. Visualization with Visual Core War

This picture shows a still of the same battle, Gemini Cannon against Dwarf. The first main difference is that we have visualized the memory as a circle, which sounds quite logical, but has never been done before.

Every active process is represented as a square. In this phase of the battle we see 4 squares belonging to Gemini Cannon and one belonging to Dwarf, meaning Dwarf consits only of one process while Gemini Cannon constists of several. When a process changes the content of a distant memory location an arrow is drawn to indicate this behaviour. Also the color of this point of memory changes to that of the causing process.

So what are the strategies of these two warriors? Dwarf is a stationary program that bombs every fourth address in memory with illegal instructions. Gemini Cannon copies its code to other memory locations and creates new threads at these addresses, that are executed independently.From looking at the visualization, ist clear now how the two warrior programs behave and how the battle is fought.

CoreWar proved to be a good testing ground for our visualization project. It's also a good testing ground for other fields of research, for example genetical evolution of warriors. There is a very interesting paper of John Perry showing how to develop efficient warriors in just a few generations. Information on this can be attained in the Core War newsgroups.

Results of the Core War Project

One problem encountered from this research is the mass of information that has to be translated to the graphical language. A possible solution is the abstraction of the code elements. The language syntax can not be instruction based, it has to correspond to logical code phrases. Also this overload of data far surpasses the technical borders of today's Internet, furthering the difficulties of real-time graphic interpretation from distant locations.

The knowledge gained from this project through its alternative visual items produced other ideas towards the applications of understanding process flow and virus attack. Core War battles take place on an isolated playing field, visualized as a circle. In real life this is more complex because of the many factors influencing a computers memory. To research how these complex processes can be viewed, an appropriate infrastructure for information flow is being created formed under the idea of an "Info Nation".

A Model for Visualizing Process Flow.


There are many interpretations of the term Info-Nation. In the model West Bank Ind., it is defined as a group of people having common interests, coming together by means of information technology. Using the World Wide Web (WWW) as a platform, an infrastructure was established applying an existing Internet currency based on an anonymous transaction software. A market place was configured over the past nine months within West Bank which includes shops, employment, a stock exchange and taxes.

The user base was known to be limited and it was quite important that a continuous flow of information exchange and transaction occurred for constant visualization to take place.

This has been attempted by:

- a popular graphical interface (WWW pages)
- the input of creative and interesting projects
- collaboration by an international group of people
- the adaptation of gambling and gaming services
- development of financial instruments, and basic banking functions

The services offered at West Bank are categorized on a three tier participation base:

Public domain- allows users admittance to a variety of commercial and information offerings through the server.

Anonymous account- includes participation in basic financial services

Revealed account- is the access to customized services offered and other selling practises.

West Bank consists of a variety of entities:

It offers basic information and orientation through the site, through the sections Homepage, Identity, Index-pool

A next level is the commercial goods that are being sold through the Gift Shop. The goods are made by outside parties, i.e. digital sounds, pictures and text. Once a good is sold West Bank takes its commission and deposits the rest in the persons account.

West Bank also runs a Betting and Lotto system. The betting system was originally adapted to the running battles of Core War, and the Lotto is run once every two weeks since May with the jackpot building with each ticket sold. There's been no winner yet, so you should purchase one asap.

Financial Services is grouped through The Brokerage which is underwriting West Banks Initial Public Offering. Also the West Bank Trust is opening accounts which performs basic banking functions of deposit, withdraw and transfers. An Info Source section has been introduced to keep interested parties updated of these financial happenings. Also implemented is InterEx's real time ticker displaying the listed stock in real time.

Also to cover all bases a metaphor gov't titled InterRev was created, taxes 7% on each transaction within West Bank. It also allows the lottery and betting system to run and presently subsidizes the West Bank Grant and Award.

Intentions were to create a highly secure WWW server where the pages are filtered by protective programs depending on the users admittance level. For this, all source files and data are encrypted on the server, and all open transactions are connected to unique time based identifiers. This results in a detailed monitoring structure as a platform for visualizing information flow.

Visualizing Information Flow and Transactions

The generated monitoring data is used as a base for the creation of a three dimensional world mirroring the ongoing events at West Bank. Each entity, user and transaction is displayed through this client/server application.

There are a series Uniform Resource Locators (URL) performing specific functions. They are represented as graphical objects each with an assigned colour and location. These are entities that move, shrink and expand according to their information flow.

Fig 3. Visual West Bank

The graphic shown is a base model of West Bank. It's abstract network design takes on different roles of the functions of West Bank Ind.

To the top left is the Trust. All accounts are represented by the red and blue tubes. The red tube shows the amount of currency on deposit and the blue tube shows how many stocks are being held. These move up and down in relation to transactions performed. Each are situated on a coloured wing according to their membership account status. i.e. Anonymous, Revealed

To the top right, is the Gift Shop. It may not look like one, but every platform surface is representative of a page and the connecting tubes are its links. The small bubble underneath the main platform is its info database.

The red sphere in the lower center is InterRev. It is West Bank's government metaphor that taxes and hopefully distributes currency throughout the system. The green tubes connect all the entities and act as a piping system for currency transactions. The movement of the currency is interpreted as small packets of red sphere's which are released into the West Bank environment through transactions. All verification of information passing is shown as white flashes. And all verification of currency to its respected owner is shown through red flashes. Every visitor is symbolized by a flying disk and each of the three possible access levels has a specific colour appended to it. Yellow is Anonymous acc't. The platform sitting in the upper center is the internal Login platform. Members would use this function to verify their status. All the objects are located inside a sphere symbolizing the borders of the Info-Nation. An entrance gate is positioned as a reference point to incoming traffic.

The advantages of this system are two fold: The first advantage is visually monitoring the participants within the server. By securing all routes, the existing information objects are protected against uncontrolled access. Second, there is an alternative understanding of market mechanisms, giving clues on how to give value to an endless supply of digital services to the demand of the consumer.

Projections of the West Bank Project

Presently the program is outlined as a secure monitoring tool. Future plans are to implement direct manipulation of graphical objects by an authorized user. Using this, object oriented applications can be constructed to adapt the software to the network function layer, i.e. sending and receiving packets. This openly defines a common interface which will then allow the system to be easily adapted to other network servers.

The maintenance and security of electronic data on behalf of a membership community is the most important factor to consider. The acquisition of a user database, the manipulation of bank accounts, or the corruption of goods and service programs are immediate threats from the outside. Intelligent processes are the defenders, strategically designed to alert or attack the intruder, whether it be a virus or a person. This is an abstract and complex operation in a computer's memory, and through the addition of a visual language a spectating arena will allow human observers to participate in this virtual warfare.


There is a logical storyline leading from the Core War visualization of virus behavior to a real-time environment, where the complete functionality of a computer or network is reflected by visual objects. As the demonstration of WB shows, the principles can be adapted to customized service applications. The benefits of securing information flow using real-time visualization are significant.

Further investigation is important, as the results should have influence on the architecture of future electronic services and networking.