Visualizing network events in a muggle friendly way

Latvala, Outi-Marja; Keränen, Tommi; Noponen, Sami; Lehto, Niko; Sailio, Mirko; Valta, Mikko; Olli, Pia

doi:10.1109/cybersa.2017.8073400

Cited by 3 publications

(2 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Recently, Latvala et al [44] presented a network monitoring tool in which a 3D fish tank shows different kind of fish that represent network nodes. The authors themselves specify that: ''As this is still a work in progress, more development is needed; especially adding functionality to visualize normal network traffic besides Snort events is crucial''.…”

Section: Visual Metaphorsmentioning

confidence: 99%

Anomaly Detection Using Pattern-of-Life Visual Metaphors

et al. 2019

View full text Add to dashboard Cite

Complex dependencies exist across the technology estate, users and purposes of machines. This can make it difficult to efficiently detect attacks. Visualization to date is mainly used to communicate patterns of raw logs, or to visualize the output of detection systems. In this paper we explore a novel approach to presenting cybersecurity-related information to analysts. Specifically, we investigate the feasibility of using visualizations to make analysts become anomaly detectors using Pattern-of-Life Visual Metaphors. Unlike glyph metaphors, the visualizations themselves (rather than any single visual variable on screen) transform complex systems into simpler ones using different mapping strategies. We postulate that such mapping strategies can yield new, meaningful ways to showing anomalies in a manner that can be easily identified by analysts. We present a classification system to describe machine and human activities on a host machine, a strategy to map machine dependencies and activities to a metaphor. We then present two examples, each with three attack scenarios, running data generated from attacks that affect confidentiality, integrity and availability of machines. Finally, we present three in-depth use-case studies to assess feasibility (i.e. can this general approach be used to detect anomalies in systems?), usability and detection abilities of our approach. Our findings suggest that our general approach is easy to use to detect anomalies in complex systems, but the type of metaphor has an impact on user's ability to detect anomalies. Similar to other anomaly-detection techniques, false positives do exist in our general approach as well. Future work will need to investigate optimal mapping strategies, other metaphors, and examine how our approach compares to and can complement existing techniques.

show abstract

Section: Visual Metaphorsmentioning

confidence: 99%

Anomaly Detection Using Pattern-of-Life Visual Metaphors

et al. 2019

View full text Add to dashboard Cite

show abstract

“…Although there are some research papers about 3D metaphors for data representations in cyber security [12,20] or about the usability of Virtual Environments for cyber teamwork [24,27,31], applying User Experience (UX) design for cyber security is quite recent [29], and the usefulness of 3D representations is just now accepted [8,1] which explains maybe why we have not seen much 3D visualizations for cyber security in reviews of literature [34,13], apart from the 2012 Daedalus-Viz project developed by Inoue et al [17].…”

Section: Virtual Environments For Cyber Securitymentioning

confidence: 99%

From Cyber Security Activities to Collaborative Virtual Environments Practices Through the 3D CyberCOP Platform

Kabil

Duval

Cuppens

et al. 2018

Information Systems Security

View full text Add to dashboard Cite

Although collaborative practices between cyber organizations are well documented, managing activities within these organizations is still challenging as cyber operators tasks are very demanding and usually done individually. As human factors studies in cyber environments are still difficult to perform, tools and collaborative practices are evolving slowly and training is always required to increase teamwork efficiency. Contrary to other research fields, cyber security is not harnessing yet the capabilities of Collaborative Virtual Environments (CVE) which can be used both for immersive and interactive data visualization and serious gaming for training. In order to tackle cyber security teamwork issues, we propose a 3D CVE called the 3D Cyber Common Operational Picture, which aims at taking advantage of CVE practices to enhance cyber collaborative activities. Based on four Security Operations Centers (SOCs) visits we have made in different organizations, we have designed a cyber collaborative activity model which has been used as a reference to design our 3D CyberCOP platform features, such as asymetrical collaboration, mutual awareness and roles specialization. Our approach can be adapted to several use cases, and we are currently developing a cyber incident analysis scenario based on an event-driven architecture, as a proof of concept.

show abstract

What Makes for Effective Visualisation in Cyber Situational Awareness for Non-Expert Users?

Carroll

Chakof

Legg

2019

2019 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (Cyber SA)

View full text Add to dashboard Cite

As cyber threats continue to become more prevalent, there is a need to consider how best we can understand the cyber landscape when acting online, especially so for non-expert users. Satellite navigation systems provide the de facto standard for many modern day navigation tasks in the physical domain, so we consider the question of how one could navigate the online domain using similar concepts. In this paper, we study the design of a cyber sat nav for improving situational awareness of nonexpert users. We focus on three core tasks: understanding where we are in cyber space, understanding how we got there, and understanding future states that we may traverse to. To support understanding, we explore the use of visualisation techniques to portray complex online activities in clear and engaging formats for non-expert users. TABLE I CHARACTERISTICS OF THE THREE VERSIONS Abstract Realistic Metaphoric 3D space 2D space 2D space Edges and nodes Laptops and cables Buildings and roads Absolute positioning Relative positioning Relative positioning Light Packets Cars

show abstract

Visualizing network events in a muggle friendly way

Cited by 3 publications

References 9 publications

Anomaly Detection Using Pattern-of-Life Visual Metaphors

Anomaly Detection Using Pattern-of-Life Visual Metaphors

From Cyber Security Activities to Collaborative Virtual Environments Practices Through the 3D CyberCOP Platform

What Makes for Effective Visualisation in Cyber Situational Awareness for Non-Expert Users?

Contact Info

Product

Resources

About