Advertisement

Visual Analytics for Cyber Security Domain: State-of-the-Art and Challenges

Conference paper
  • 614 Downloads
Part of the Communications in Computer and Information Science book series (CCIS, volume 1078)

Abstract

Visual Analytics is a complex sub-field of data analytics that concentrates on the use of the information visualization methods for facilitating effective analysis of data by employing visual and graphical representation. In cyber security domain, Effective visualization of the data allows to infer valuable insights that enable domain analysts to construct successful strategies to mitigate cyber attacks and provide decision support. We perform a survey of the state-of-the-art in the cyber security domain, analyze main challenges and discuss future trends. We summarize a large number of cyber security and digital forensics visualization works using the Five Question Method of Five W’s and How (Why, Who, What, How, When, and Where) approach as a methodological background. We perform analysis of the works using J. Bertin’s Semiotic Theory of Graphics, and VIS4ML ontology as a theoretical foundation of visual analytics. As a result, we formulate the main challenges for the development of this area of research in the future.

Keywords

Visual analytics Visualization Cyber security Digital forensics Decision support 

Notes

Acknowledgement

This paper is supported in part by European Union’s Horizon 2020 research and innovation programme under Grant Agreement No. 830892, project “Strategic programs for advanced research and technology in Europe” (SPARTA).

References

  1. 1.
    Keim, D., Andrienko, G., Fekete, J.-D., Görg, C., Kohlhammer, J., Melançon, G.: Visual analytics: definition, process, and challenges. In: Kerren, A., Stasko, J.T., Fekete, J.-D., North, C. (eds.) Information Visualization. LNCS, vol. 4950, pp. 154–175. Springer, Heidelberg (2008).  https://doi.org/10.1007/978-3-540-70956-5_7CrossRefGoogle Scholar
  2. 2.
    Shiravi, H., Shiravi, A., Ghorbani, A.A.: A survey of visualization systems for network security. IEEE Trans. Vis. Comput. Graph. 18(8), 1313–1329 (2012).  https://doi.org/10.1109/tvcg.2011.144CrossRefGoogle Scholar
  3. 3.
    Fink, G.A., North, C.L., Endert, A., Rose, S.: Visualizing cyber security: usable workspaces. In: 2009 6th International Workshop on Visualization for Cyber Security. IEEE (2009).  https://doi.org/10.1109/vizsec.2009.5375542
  4. 4.
    Khanh Dang, T., Tri Dang, T.: A survey on security visualization techniques for web information systems. Int. J. Web Inf. Syst. 9(1), 6–31 (2013).  https://doi.org/10.1108/17440081311316361CrossRefGoogle Scholar
  5. 5.
    Tianfield, H.: Cyber security situational awareness. In: 2016 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData) (2016).  https://doi.org/10.1109/ithings-greencom-cpscom-smartdata.2016.165
  6. 6.
    Marty, R.: Cyber security: how visual analytics unlock insight. In: 19th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, KDD 2013. ACM Press (2013).  https://doi.org/10.1145/2487575.2491132
  7. 7.
    McCaslin, M.L., Scott, K.W.: The five-question method for framing a qualitative research study. Qual. Rep. 8(3), 447–461 (2003)Google Scholar
  8. 8.
    Hohman, F.M., Kahng, M., Pienta, R., Chau, D.H.: Visual analytics in deep learning: An interrogative survey for the next frontiers. IEEE Trans. Vis. Comput. Graph. (2018).  https://doi.org/10.1109/TVCG.2018.2843369CrossRefGoogle Scholar
  9. 9.
    Bertin, J.: Graphische Semiologie: Diagramme, Netze, Karten; Translated from the 2nd French Edition (1973). Walter de Gruyter, Berlin, Germany (1974). ISBN 3-11-003660-6Google Scholar
  10. 10.
    Störrle, H., Fish, A.: Towards an operationalization of the “Physics of Notations” for the analysis of visual languages. In: Moreira, A., Schätz, B., Gray, J., Vallecillo, A., Clarke, P. (eds.) MODELS 2013. LNCS, vol. 8107, pp. 104–120. Springer, Heidelberg (2013).  https://doi.org/10.1007/978-3-642-41533-3_7CrossRefGoogle Scholar
  11. 11.
    Sacha, D., Kraus, M., Keim, D.A., Chen, M.: VIS4ML: an ontology for visual analytics assisted machine learning. IEEE Trans. Vis. Comput. Graph. 25(1), 385–395 (2019).  https://doi.org/10.1109/TVCG.2018.2864838CrossRefGoogle Scholar
  12. 12.
    Staheli, D., et al.: Visualization evaluation for cyber security. In: Eleventh Workshop on Visualization for Cyber Security, VizSec 2014. ACM Press (2014).  https://doi.org/10.1145/2671491.2671492
  13. 13.
    de Bruijn, H., Janssen, M.: Building cybersecurity awareness: the need for evidence-based framing strategies. Gov. Inf. Q. 34(1), 1–7 (2017).  https://doi.org/10.1016/j.giq.2017.02.007CrossRefGoogle Scholar
  14. 14.
    Zheng, M., Robbins, H., Chai, Z., Thapa, P., Moore, T.: Cybersecurity research datasets: taxonomy and empirical analysis. In: 11th USENIX Conference on Cyber Security Experimentation and Test (CSET 2018), p. 2. USENIX Association, Berkeley (2018)Google Scholar
  15. 15.
    He, J., Chen, H., Chen, Y., Tang, X., Zou, Y.: Diverse visualization techniques and methods of moving-object-trajectory data: a review. ISPRS Int. J. Geo-Inf. 8(2), 63 (2019).  https://doi.org/10.3390/ijgi8020063CrossRefGoogle Scholar
  16. 16.
    Kotenko, I., Novikova, E.: VisSecAnalyzer: a visual analytics tool for network security assessment. In: Cuzzocrea, A., Kittl, C., Simos, D.E., Weippl, E., Xu, L. (eds.) CD-ARES 2013. LNCS, vol. 8128, pp. 345–360. Springer, Heidelberg (2013).  https://doi.org/10.1007/978-3-642-40588-4_24CrossRefGoogle Scholar
  17. 17.
    Zhao, Y., Zhou, F., Fan, X., Liang, X., Liu, Y.: IDSRadar: a real-time visualization framework for IDS alerts. Sci. China Inf. Sci. 56(8), 1–12 (2013).  https://doi.org/10.1007/s11432-013-4891-9CrossRefGoogle Scholar
  18. 18.
    Haggerty, J., Haggerty, S., Taylor, M.: Forensic triage of email network narratives through visualisation. Inf. Manag. Comput. Secur. 22(4), 358–370 (2014).  https://doi.org/10.1108/IMCS-11-2013-0080CrossRefGoogle Scholar
  19. 19.
    Chen, V.Y., Razip, A.M., Ko, S., Qian, C.Z., Ebert, D.S.: Multi-aspect visual analytics on large-scale high-dimensional cyber security data. Inf. Vis. 14(1), 62–75 (2013).  https://doi.org/10.1177/1473871613488573CrossRefGoogle Scholar
  20. 20.
    Liao, Q., Striegel, A., Chawla, N.: Visualizing graph dynamics and similarity for enterprise network security and management. In: 7th International Symposium on Visualization for Cyber Security (VizSec 2010), pp. 34–45 (2010).  https://doi.org/10.1145/1850795.1850799
  21. 21.
    McKenna, S., Staheli, D., Fulcher, C., Meyer, M.: BubbleNet: a cyber security dashboard for visualizing patterns. Comput. Graph. Forum 35(3), 281–290 (2016).  https://doi.org/10.1111/cgf.12904CrossRefGoogle Scholar
  22. 22.
    Wongsuphasawat, K., Guerra Gómez, J.A., Plaisant, C., Wang, T., Taieb-Maimon, M., Shneiderman, B.: LifeFlow. In: Annual Conference Extended abstracts on Human Factors in Computing Systems - CHI EA 2011. ACM Press (2011).  https://doi.org/10.1145/1979742.1979557
  23. 23.
    McPherson, J., Ma, K.-L., Krystosk, P., Bartoletti, T., Christensen, M.: PortVis. In: Proceedings of the 2004 ACM Workshop on Visualization and Data Mining for Computer Security - VizSEC/DMSEC 2004. ACM Press (2004).  https://doi.org/10.1145/1029208.1029220
  24. 24.
    Qiu, H.S.: Streaming data visualization for network security. Ph.D. thesis, Princeton University (2017)Google Scholar
  25. 25.
    Goodall, J.R.: Introduction to visualization for computer security. In: Goodall, J.R., Conti, G., Ma, K.L. (eds.) VizSEC 2007. Mathematics and Visualization, pp. 1–17. Springer, Heidelberg (2008).  https://doi.org/10.1007/978-3-540-78243-8_1CrossRefGoogle Scholar
  26. 26.
    Hu, H., Zhang, H., Liu, Y., Wang, Y.: Quantitative method for network security situation based on attack prediction. Secur. Commun. Netw. 2017, 19 (2017).  https://doi.org/10.1155/2017/3407642. Article ID 3407642CrossRefGoogle Scholar
  27. 27.
    Scheepens, R., Michels, S., van de Wetering, H., van Wijk, J.J.: Rationale visualization for safety and security. Comput. Graph. Forum 34, 191–200 (2015)CrossRefGoogle Scholar
  28. 28.
    Angelini, M., Blasilli, G., Lenti, S., Santucci, G.: Visual exploration and analysis of the Italian cybersecurity framework. In: Workshop on Advanced Visual Interfaces AVI (2018).  https://doi.org/10.1145/3206505.3206579
  29. 29.
    Furmanova, K., et al.: Taggle: Combining Overview and Details in Tabular Data Visualizations, 14 p. (2019). arXiv:1712.05944v3 [cs.HC]
  30. 30.
    Tillekens, A., Le-Khac, N.-A., Thi, T.T.P.: A Bespoke forensics GIS tool. In: 2016 International Conference on Computational Science and Computational Intelligence, pp. 987–992. IEEE (2016).  https://doi.org/10.1109/csci.2016.188
  31. 31.
    Aldwairi, M., Alsaadi, H.H.: FLUKES: autonomous log forensics, intelligence and visualization tool. In: Proceedings of ICFNDS 2017, Cambridge, United Kingdom, 19–20 July 2017, 6 p. (2017).  https://doi.org/10.1145/3102304.3102337
  32. 32.
    Tuncel, M.A., Francis, H., Taylor, M., Jones, D.L.: Visualdrives forensic tool. In: International Conference on Developments of E-Systems Engineering (DeSE), Burj Khalifa, Dubai, United Arab Emirates, 13–15 December 2015.  https://doi.org/10.1109/dese.2015.68
  33. 33.
    Hales, G., Ferguson, I., Archibald, J.: Insight: an application of information visualisation techniques to digital forensics investigations. Int. J. Cyber Situat. Aware. 2(1), 100–118 (2017)CrossRefGoogle Scholar
  34. 34.
    Olsson, J., Boldt, M.: Computer forensic timeline visualization tool. Digit. Investig., S78–S87 (2009).  https://doi.org/10.1016/j.diin.2009.06.008CrossRefGoogle Scholar
  35. 35.
    McKenna, S., Staheli, D., Fulcher, C., Meyer, M.: BubbleNet: a cyber security dashboard for visualizing patterns. In: Eurographics Conference on Visualization (EuroVis), vol. 35(3), pp. 281–290 (2016).  https://doi.org/10.1111/cgf.12904CrossRefGoogle Scholar
  36. 36.
    Leschke, T.R., Nicholas, C.: Change-Link 2.0: a digital forensic tool for visualizing changes to shadow volume data. In: VizSec 2013, Atlanta, GA, USA, 14 October 2013, pp. 17–24 (2013)Google Scholar
  37. 37.
    Catanese, S.A., Fiumara, G.: A visual tool for forensic analysis of mobile phone traffic. In: MiFOR 2010, Firenze, Italy, 29 October 2010, pp. 71–76 (2010)Google Scholar
  38. 38.
    Goswami, A., Mohapatra, D.P., Zhai, C.: Qu antifying and visualizing the demand and supply gap from e-commerce search data using topic models. In: WWW 2019 Companion, San Francisco, CA, USA, 13–17 May 2019, pp. 348–353 (2019)Google Scholar
  39. 39.
    Le, T.V.M., Akoglu, L.: ContraVis: contrastive and visual topic modeling for comparing document collections. In: Proceedings of the 2019 World Wide Web Conference (WWW 2019), San Francisco, CA, USA, 13–17 May 2019, 11 p. ACM, New York (2019).  https://doi.org/10.1145/3308558.3313617
  40. 40.
    Yang, F., et al.: XFake: explainable fake news detector with visualizations. In: WWW 2019, San Francisco, CA, USA, 13–17 May 2019.  https://doi.org/10.1145/3308558.3314119
  41. 41.
    Fittkau, F., Krause, A., Hasselbring, W.: Software landscape and application visualization or system comprehension with ExplorViz. Inf. Softw. Technol. 87(2017), 259–277 (2017).  https://doi.org/10.1016/j.infsof.2016.07.004CrossRefGoogle Scholar
  42. 42.
    Vallentin, M., Paxson, V., Sommer, R.: VAST: a unified platform for interactive network forensics. In: 13th Usenix Conference on Networked Systems Design and Implementation (NSDI 2016), pp. 345–362. USENIX Association, Berkeley (2016)Google Scholar
  43. 43.
    Baráth, J., Harakaľ, M.: Protocols for exchange of cyber security information. In: Security and Protection of Information (2013)Google Scholar
  44. 44.
    Bonneau, G.-P., Hege, H.-C., Johnson, C.R., Oliveira, M.M., Potter, K., Rheingans, P., Schultz, T.: Overview and state-of-the-art of uncertainty visualization. In: Hansen, Charles D., Chen, M., Johnson, C.R., Kaufman, A.E., Hagen, H. (eds.) Scientific Visualization. MV, pp. 3–27. Springer, London (2014).  https://doi.org/10.1007/978-1-4471-6497-5_1CrossRefGoogle Scholar
  45. 45.
    Zhong, Z., et al.: A user-centered multi-space collaborative visual analysis for cyber security. Chin. J. Electron. 27(5), 910–919 (2018).  https://doi.org/10.1049/cje.2017.09.021CrossRefGoogle Scholar
  46. 46.
    Kabil, A., Duval, T., Cuppens, N., Le Comte, G., Halgand, Y., et al.: Why should we use 3D collaborative virtual environments for cyber security? In: IEEE 4th VR International Workshop on Collaborative Virtual Environments (IEEEVR 2018) (2018)Google Scholar
  47. 47.
    Erbacher, R.F., Frincke, D.A., Wong, P.C., Moody, S., Fink, G.: A multi-phase network situational awareness cognitive task analysis. Inf. Vis. 9, 204–219 (2010)CrossRefGoogle Scholar
  48. 48.
    Angelini, M., Santucci, G.: Cyber situational awareness: from geographical alerts to high-level management. J. Vis. 20(3), 453–459 (2017).  https://doi.org/10.1007/s12650-016-0377-3CrossRefGoogle Scholar
  49. 49.
    Nielsen, J.: Usability Engineering. Academic Press, London (1993)CrossRefGoogle Scholar
  50. 50.
    Dasgupta, A., Arendt, D.L., Franklin, L.R., Wong, P.C., Cook, K.A.: Human factors in streaming data analysis: challenges and opportunities for information visualization. Comput. Graph. Forum 37(1), 254–272 (2018).  https://doi.org/10.1111/cgf.13264CrossRefGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.Department of Computer ScienceKaunas University of TechnologyKaunasLithuania

Personalised recommendations