Abstract
Visualization of cyberattacks is gaining popularity as an intuitive technique to present attack data, without overwhelming the average user. However, a security analyst needs to be presented with advanced features, allowing the correlation of the collected data in order to yield interesting findings about the attack methodology itself and utilize the newly acquired knowledge to improve the security processes of an administrative domain. Meaningful cyber security situational awareness leverages security management as it provides the global security state of the administrative domain that allows for informed decision-making on security matters. This chapter presents VizAttack, an extensible, open-source visualization framework for data generated by various security technologies. Not only it integrates and visualizes data from heterogeneous security data sources in a single framework, but it also reconstructs the steps followed during an attack execution. Furthermore, VizAttack supports on-demand queries that are constructed on the fly during the investigation of these attack profiles.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
IBM Security and Ponemon Institute LLC. (2019). 2019 cost of a data breach report. Retrieved December 21, 2020, from https://www.ibm.com/security/data-breach
McNabb, L., & Laramee, R. S. (2017). Survey of Surveys (SoS)—Mapping the landscape of survey papers in information visualization. Computer Graphics Forum, 36(2), 589–617.
Franke, U., & Brynielsson, J. (2014). Cyber situational awareness—A systematic review of the literature. Computers & Security, 46(2014), 18–31.
Jajodia, S., & Albanese, M. (2017). An integrated framework for cyber situation awareness. In Theory and models for cyber situation awareness. Lecture Notes in Computer Science (Vol. 10030, pp. 29–46). Cham: Springer.
Husák, M., Jirsík, T., & Jay Yang, S. (2020, August). SoK: Contemporary issues and challenges to enable cyber situational awareness for network security. In Proceedings of the 15th International Conference on Availability, Reliability and Security (ARES 2020) (Article No.: 2, pp. 1–10). Virtual Event, Ireland.
Arbor Networks. (2020). Arbor networks DDoS attack map. Retrieved December 21, 2020, from https://www.digitalattackmap.com/
Kaspersky. (2020). Cyber malware and DDoS real-time map. Retrieved December 21, 2020, from https://cybermap.kaspersky.com
Fortinet. (2020). Fortinet threat map. Retrieved December 21, 2020, from https://threatmap.fortiguard.com
Sophos. (2020). Sophos threat tracking map. Retrieved December 21, 2020, from https://www.sophos.com/en-us/threat-center/threat-monitoring/threatdashboard.aspx
FireEye. (2020). FireEye cyber threat map. Retrieved December 21, 2020, from https://www.fireeye.com/cyber-map/threat-map.html
CheckPoint. (2020). ThreatCloud live cyber-attack threatmap. Retrieved December 21, 2020, from https://threatmap.checkpoint.com
Jajodia, S., & Noel, S. (2010, March). Advanced cyber attack modeling, analysis, and visualization. Technical report, George Mason University. Retrieved December 21, 2020, from https://csis.gmu.edu/noel/pubs/2009_AFRL.pdf
Fischer, F., Mansmann, F., Keim, D. A., Pietzko, S., & Waldvogel, M. (2008). Large-scale network monitoring for visual analysis of attacks. In VizSec ‘08: Proceedings of the 5th International Workshop on Visualization for Computer Security (pp. 111–118).
Goodall, J. R., & Sowul, M. (2009). VIAssist: Visual analytics for cyber defense. In 2009 IEEE Conference on Technologies for Homeland Security (pp. 143–150). Boston, MA.
Dionaea. (2020). Dionea documentation. Retrieved December 21, 2020, from https://dionaea.readthedocs.io/en/latest/
Baecher, P., Koetter, M., Holz, T., Dornseif, M., & Freiling, F. The Nepenthes platform: An efficient approach to collect malware. In D. Zamboni & C. Kruegel (Eds.), Recent advances in intrusion detection. RAID 2006. Lecture Notes in Computer Science (Vol. 4219). Berlin, Heidelberg: Springer.
Karasavvas, S. (2020, December). An extensible open-source framework for attack visualization. MSc Thesis, Department of Computer Science, University of Nicosia.
Christoforou, A., Gjermundrod, H., & Dionysiou, I. (2015). Honeycy: A configurable unified management framework for open-source honeypot services. In Proceedings of the 19th Panhellenic Conference on Informatics (pp. 161–164). Athens, Greece, 1–3 October 2015.
Sababa, B., Avogian, K., Dionysiou, I., & Gjermundrod, H. (2020). SMAD—A configurable and extensible low-level system monitoring and anomaly detection framework. In K. Daimi & G. Francia (Eds.), Innovations in cybersecurity education (pp. 19–38). Cham: Springer International Publishing.
Avogian, K., Sababa, B., Dionysiou, I., & Gjermundrød, H. (2020). Leveraging security management with low-level system monitoring and visualization. In The 2020 International Conference on Security and Management (SAM’20). Transactions on Computational Science & Computational Intelligence: Advances in Security, Networks, and Internet of Things (pp. 1–14). Springer Nature, Las Vegas, Nevada, USA, 27–30 July 2020.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this chapter
Cite this chapter
Karasavvas, S., Dionysiou, I., Gjermundrød, H. (2021). VizAttack: An Extensible Open-Source Visualization Framework for Cyberattacks. In: Daimi, K., Peoples, C. (eds) Advances in Cybersecurity Management. Springer, Cham. https://doi.org/10.1007/978-3-030-71381-2_5
Download citation
DOI: https://doi.org/10.1007/978-3-030-71381-2_5
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-71380-5
Online ISBN: 978-3-030-71381-2
eBook Packages: Computer ScienceComputer Science (R0)