A Visual Analytics Field Experiment to Evaluate Alternative Visualizations for Cyber Security Applications

Fischer, Fabian; Davey, James; Fuchs, Johannes; Thonnard, Olivier; Kohlhammer, Jörn; Keim, Daniel A.

A Visual Analytics Field Experiment to Evaluate Alternative Visualizations for Cyber Security Applications

Files

043-047.pdf (1.01 MB)

Date

2014

Authors

Fischer, Fabian
Davey, James
Fuchs, Johannes
Thonnard, Olivier
Kohlhammer, Jörn
Keim, Daniel A.

Publisher

The Eurographics Association

Abstract

The analysis and exploration of emerging threats in the Internet is important to better understand the behaviour of attackers and develop new methods to enhance cyber security. Fully automated algorithms alone are often not capable of providing actionable insights about the threat landscape. We therefore combine a multi-criteria clustering algorithm, tailor-made for the identification of such attack campaigns with three interactive visualizations, namely treemap representations, interactive node-link diagrams, and chord diagrams, to allow the analysts to visually explore and make sense of the resulting multi-dimensional clusters. To demonstrate the potential of the system, we share our lessons learned in conducting a field experiment with experts in a security response team and show how it helped them to gain new insights into various threat landscapes.

        @inproceedings{10.2312:eurova.20141144
,
booktitle = {EuroVis Workshop on Visual Analytics
},
editor = {M. Pohl and J. Roberts
},
title = {{A Visual Analytics Field Experiment to Evaluate Alternative Visualizations for Cyber Security Applications
}},
author = {Fischer, Fabian and 
Davey, James and 
Fuchs, Johannes and 
Thonnard, Olivier and 
Kohlhammer, Jörn and 
Keim, Daniel A.
},
year = {2014
},
publisher = {The Eurographics Association
},
ISBN = {978-3-905674-68-2
},
DOI = {10.2312/eurova.20141144
}
}