Visual Analytics for Cyber Security Domain: State-of-the-Art and Challenges

Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 1078)


Visual Analytics is a complex sub-field of data analytics that concentrates on the use of the information visualization methods for facilitating effective analysis of data by employing visual and graphical representation. In cyber security domain, Effective visualization of the data allows to infer valuable insights that enable domain analysts to construct successful strategies to mitigate cyber attacks and provide decision support. We perform a survey of the state-of-the-art in the cyber security domain, analyze main challenges and discuss future trends. We summarize a large number of cyber security and digital forensics visualization works using the Five Question Method of Five W’s and How (Why, Who, What, How, When, and Where) approach as a methodological background. We perform analysis of the works using J. Bertin’s Semiotic Theory of Graphics, and VIS4ML ontology as a theoretical foundation of visual analytics. As a result, we formulate the main challenges for the development of this area of research in the future.


Visual analytics Visualization Cyber security Digital forensics Decision support 



This paper is supported in part by European Union’s Horizon 2020 research and innovation programme under Grant Agreement No. 830892, project “Strategic programs for advanced research and technology in Europe” (SPARTA).


  1. 1.
    Keim, D., Andrienko, G., Fekete, J.-D., Görg, C., Kohlhammer, J., Melançon, G.: Visual analytics: definition, process, and challenges. In: Kerren, A., Stasko, J.T., Fekete, J.-D., North, C. (eds.) Information Visualization. LNCS, vol. 4950, pp. 154–175. Springer, Heidelberg (2008). Scholar
  2. 2.
    Shiravi, H., Shiravi, A., Ghorbani, A.A.: A survey of visualization systems for network security. IEEE Trans. Vis. Comput. Graph. 18(8), 1313–1329 (2012). Scholar
  3. 3.
    Fink, G.A., North, C.L., Endert, A., Rose, S.: Visualizing cyber security: usable workspaces. In: 2009 6th International Workshop on Visualization for Cyber Security. IEEE (2009).
  4. 4.
    Khanh Dang, T., Tri Dang, T.: A survey on security visualization techniques for web information systems. Int. J. Web Inf. Syst. 9(1), 6–31 (2013). Scholar
  5. 5.
    Tianfield, H.: Cyber security situational awareness. In: 2016 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData) (2016).
  6. 6.
    Marty, R.: Cyber security: how visual analytics unlock insight. In: 19th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, KDD 2013. ACM Press (2013).
  7. 7.
    McCaslin, M.L., Scott, K.W.: The five-question method for framing a qualitative research study. Qual. Rep. 8(3), 447–461 (2003)Google Scholar
  8. 8.
    Hohman, F.M., Kahng, M., Pienta, R., Chau, D.H.: Visual analytics in deep learning: An interrogative survey for the next frontiers. IEEE Trans. Vis. Comput. Graph. (2018). Scholar
  9. 9.
    Bertin, J.: Graphische Semiologie: Diagramme, Netze, Karten; Translated from the 2nd French Edition (1973). Walter de Gruyter, Berlin, Germany (1974). ISBN 3-11-003660-6Google Scholar
  10. 10.
    Störrle, H., Fish, A.: Towards an operationalization of the “Physics of Notations” for the analysis of visual languages. In: Moreira, A., Schätz, B., Gray, J., Vallecillo, A., Clarke, P. (eds.) MODELS 2013. LNCS, vol. 8107, pp. 104–120. Springer, Heidelberg (2013). Scholar
  11. 11.
    Sacha, D., Kraus, M., Keim, D.A., Chen, M.: VIS4ML: an ontology for visual analytics assisted machine learning. IEEE Trans. Vis. Comput. Graph. 25(1), 385–395 (2019). Scholar
  12. 12.
    Staheli, D., et al.: Visualization evaluation for cyber security. In: Eleventh Workshop on Visualization for Cyber Security, VizSec 2014. ACM Press (2014).
  13. 13.
    de Bruijn, H., Janssen, M.: Building cybersecurity awareness: the need for evidence-based framing strategies. Gov. Inf. Q. 34(1), 1–7 (2017). Scholar
  14. 14.
    Zheng, M., Robbins, H., Chai, Z., Thapa, P., Moore, T.: Cybersecurity research datasets: taxonomy and empirical analysis. In: 11th USENIX Conference on Cyber Security Experimentation and Test (CSET 2018), p. 2. USENIX Association, Berkeley (2018)Google Scholar
  15. 15.
    He, J., Chen, H., Chen, Y., Tang, X., Zou, Y.: Diverse visualization techniques and methods of moving-object-trajectory data: a review. ISPRS Int. J. Geo-Inf. 8(2), 63 (2019). Scholar
  16. 16.
    Kotenko, I., Novikova, E.: VisSecAnalyzer: a visual analytics tool for network security assessment. In: Cuzzocrea, A., Kittl, C., Simos, D.E., Weippl, E., Xu, L. (eds.) CD-ARES 2013. LNCS, vol. 8128, pp. 345–360. Springer, Heidelberg (2013). Scholar
  17. 17.
    Zhao, Y., Zhou, F., Fan, X., Liang, X., Liu, Y.: IDSRadar: a real-time visualization framework for IDS alerts. Sci. China Inf. Sci. 56(8), 1–12 (2013). Scholar
  18. 18.
    Haggerty, J., Haggerty, S., Taylor, M.: Forensic triage of email network narratives through visualisation. Inf. Manag. Comput. Secur. 22(4), 358–370 (2014). Scholar
  19. 19.
    Chen, V.Y., Razip, A.M., Ko, S., Qian, C.Z., Ebert, D.S.: Multi-aspect visual analytics on large-scale high-dimensional cyber security data. Inf. Vis. 14(1), 62–75 (2013). Scholar
  20. 20.
    Liao, Q., Striegel, A., Chawla, N.: Visualizing graph dynamics and similarity for enterprise network security and management. In: 7th International Symposium on Visualization for Cyber Security (VizSec 2010), pp. 34–45 (2010).
  21. 21.
    McKenna, S., Staheli, D., Fulcher, C., Meyer, M.: BubbleNet: a cyber security dashboard for visualizing patterns. Comput. Graph. Forum 35(3), 281–290 (2016). Scholar
  22. 22.
    Wongsuphasawat, K., Guerra Gómez, J.A., Plaisant, C., Wang, T., Taieb-Maimon, M., Shneiderman, B.: LifeFlow. In: Annual Conference Extended abstracts on Human Factors in Computing Systems - CHI EA 2011. ACM Press (2011).
  23. 23.
    McPherson, J., Ma, K.-L., Krystosk, P., Bartoletti, T., Christensen, M.: PortVis. In: Proceedings of the 2004 ACM Workshop on Visualization and Data Mining for Computer Security - VizSEC/DMSEC 2004. ACM Press (2004).
  24. 24.
    Qiu, H.S.: Streaming data visualization for network security. Ph.D. thesis, Princeton University (2017)Google Scholar
  25. 25.
    Goodall, J.R.: Introduction to visualization for computer security. In: Goodall, J.R., Conti, G., Ma, K.L. (eds.) VizSEC 2007. Mathematics and Visualization, pp. 1–17. Springer, Heidelberg (2008). Scholar
  26. 26.
    Hu, H., Zhang, H., Liu, Y., Wang, Y.: Quantitative method for network security situation based on attack prediction. Secur. Commun. Netw. 2017, 19 (2017). Article ID 3407642CrossRefGoogle Scholar
  27. 27.
    Scheepens, R., Michels, S., van de Wetering, H., van Wijk, J.J.: Rationale visualization for safety and security. Comput. Graph. Forum 34, 191–200 (2015)CrossRefGoogle Scholar
  28. 28.
    Angelini, M., Blasilli, G., Lenti, S., Santucci, G.: Visual exploration and analysis of the Italian cybersecurity framework. In: Workshop on Advanced Visual Interfaces AVI (2018).
  29. 29.
    Furmanova, K., et al.: Taggle: Combining Overview and Details in Tabular Data Visualizations, 14 p. (2019). arXiv:1712.05944v3 [cs.HC]
  30. 30.
    Tillekens, A., Le-Khac, N.-A., Thi, T.T.P.: A Bespoke forensics GIS tool. In: 2016 International Conference on Computational Science and Computational Intelligence, pp. 987–992. IEEE (2016).
  31. 31.
    Aldwairi, M., Alsaadi, H.H.: FLUKES: autonomous log forensics, intelligence and visualization tool. In: Proceedings of ICFNDS 2017, Cambridge, United Kingdom, 19–20 July 2017, 6 p. (2017).
  32. 32.
    Tuncel, M.A., Francis, H., Taylor, M., Jones, D.L.: Visualdrives forensic tool. In: International Conference on Developments of E-Systems Engineering (DeSE), Burj Khalifa, Dubai, United Arab Emirates, 13–15 December 2015.
  33. 33.
    Hales, G., Ferguson, I., Archibald, J.: Insight: an application of information visualisation techniques to digital forensics investigations. Int. J. Cyber Situat. Aware. 2(1), 100–118 (2017)CrossRefGoogle Scholar
  34. 34.
    Olsson, J., Boldt, M.: Computer forensic timeline visualization tool. Digit. Investig., S78–S87 (2009). Scholar
  35. 35.
    McKenna, S., Staheli, D., Fulcher, C., Meyer, M.: BubbleNet: a cyber security dashboard for visualizing patterns. In: Eurographics Conference on Visualization (EuroVis), vol. 35(3), pp. 281–290 (2016). Scholar
  36. 36.
    Leschke, T.R., Nicholas, C.: Change-Link 2.0: a digital forensic tool for visualizing changes to shadow volume data. In: VizSec 2013, Atlanta, GA, USA, 14 October 2013, pp. 17–24 (2013)Google Scholar
  37. 37.
    Catanese, S.A., Fiumara, G.: A visual tool for forensic analysis of mobile phone traffic. In: MiFOR 2010, Firenze, Italy, 29 October 2010, pp. 71–76 (2010)Google Scholar
  38. 38.
    Goswami, A., Mohapatra, D.P., Zhai, C.: Qu antifying and visualizing the demand and supply gap from e-commerce search data using topic models. In: WWW 2019 Companion, San Francisco, CA, USA, 13–17 May 2019, pp. 348–353 (2019)Google Scholar
  39. 39.
    Le, T.V.M., Akoglu, L.: ContraVis: contrastive and visual topic modeling for comparing document collections. In: Proceedings of the 2019 World Wide Web Conference (WWW 2019), San Francisco, CA, USA, 13–17 May 2019, 11 p. ACM, New York (2019).
  40. 40.
    Yang, F., et al.: XFake: explainable fake news detector with visualizations. In: WWW 2019, San Francisco, CA, USA, 13–17 May 2019.
  41. 41.
    Fittkau, F., Krause, A., Hasselbring, W.: Software landscape and application visualization or system comprehension with ExplorViz. Inf. Softw. Technol. 87(2017), 259–277 (2017). Scholar
  42. 42.
    Vallentin, M., Paxson, V., Sommer, R.: VAST: a unified platform for interactive network forensics. In: 13th Usenix Conference on Networked Systems Design and Implementation (NSDI 2016), pp. 345–362. USENIX Association, Berkeley (2016)Google Scholar
  43. 43.
    Baráth, J., Harakaľ, M.: Protocols for exchange of cyber security information. In: Security and Protection of Information (2013)Google Scholar
  44. 44.
    Bonneau, G.-P., Hege, H.-C., Johnson, C.R., Oliveira, M.M., Potter, K., Rheingans, P., Schultz, T.: Overview and state-of-the-art of uncertainty visualization. In: Hansen, Charles D., Chen, M., Johnson, C.R., Kaufman, A.E., Hagen, H. (eds.) Scientific Visualization. MV, pp. 3–27. Springer, London (2014). Scholar
  45. 45.
    Zhong, Z., et al.: A user-centered multi-space collaborative visual analysis for cyber security. Chin. J. Electron. 27(5), 910–919 (2018). Scholar
  46. 46.
    Kabil, A., Duval, T., Cuppens, N., Le Comte, G., Halgand, Y., et al.: Why should we use 3D collaborative virtual environments for cyber security? In: IEEE 4th VR International Workshop on Collaborative Virtual Environments (IEEEVR 2018) (2018)Google Scholar
  47. 47.
    Erbacher, R.F., Frincke, D.A., Wong, P.C., Moody, S., Fink, G.: A multi-phase network situational awareness cognitive task analysis. Inf. Vis. 9, 204–219 (2010)CrossRefGoogle Scholar
  48. 48.
    Angelini, M., Santucci, G.: Cyber situational awareness: from geographical alerts to high-level management. J. Vis. 20(3), 453–459 (2017). Scholar
  49. 49.
    Nielsen, J.: Usability Engineering. Academic Press, London (1993)CrossRefGoogle Scholar
  50. 50.
    Dasgupta, A., Arendt, D.L., Franklin, L.R., Wong, P.C., Cook, K.A.: Human factors in streaming data analysis: challenges and opportunities for information visualization. Comput. Graph. Forum 37(1), 254–272 (2018). Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.Department of Computer ScienceKaunas University of TechnologyKaunasLithuania

Personalised recommendations