Biblio

Filters: Keyword is Data visualization
2021-11-29
Carroll, Fiona, Legg, Phil, Bønkel, Bastian.  2020.  The Visual Design of Network Data to Enhance Cyber Security Awareness of the Everyday Internet User. 2020 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA). :1–7.
Technology and the use of online services are very prevalent across much of our everyday lives. As our digital interactions continue to grow, there is a need to improve public awareness of the risks to our personal online privacy and security. Designing for cyber security awareness has never been so important. In this work, we consider people's current impressions towards their privacy and security online. We also explore how abnormal network activity data can be visually conveyed to afford a heightened cyber security awareness. In detail, the paper documents the different effects of visual variables in an edge and node DoS visualisation to depict abnormally high volumes of traffic. The results from two studies show that people are generally becoming more concerned about their privacy and security online. Moreover, we have found that the more focus based visual techniques (i.e. blur) and geometry-based techniques (i.e. jaggedness and sketchiness) afford stronger impressions of uncertainty from abnormally high volumes of network traffic. In terms of security, these impressions and feelings alert in the end-user that something is not quite as it should be and hence develop a heightened cyber security awareness.
2021-11-08
Damasevicius, Robertas, Toldinas, Jevgenijus, Venckauskas, Algimantas, Grigaliunas, Sarunas, Morkevicius, Nerijus.  2020.  Technical Threat Intelligence Analytics: What and How to Visualize for Analytic Process. 2020 24th International Conference Electronics. :1–4.
Visual Analytics uses data visualization techniques for enabling compelling data analysis by engaging graphical and visual portrayal. In the domain of cybersecurity, convincing visual representation of data enables to ascertain valuable observations that allow the domain experts to construct efficient cyberattack mitigation strategies and provide useful decision support. We present a survey of visual analytics tools and methods in the domain of cybersecurity. We explore and discuss Technical Threat Intelligence visualization tools using the Five Question Method. We conclude the analysis of the works using Moody's Physics of Notations, and VIS4ML ontology as a methodological background of visual analytics process. We summarize our analysis as a high-level model of visual analytics for cybersecurity threat analysis.
2021-09-21
Kartel, Anastasia, Novikova, Evgenia, Volosiuk, Aleksandr.  2020.  Analysis of Visualization Techniques for Malware Detection. 2020 IEEE Conference of Russian Young Researchers in Electrical and Electronic Engineering (EIConRus). :337–340.
Due to the steady growth of various sophisticated types of malware, different malware analysis systems are becoming more and more demanded. While there are various automatic approaches available to identify and detect malware, malware analysis is still a time-consuming process. The visualization-driven techniques may significantly increase the efficiency of the malware analysis process by involving the human visual system, which is a powerful pattern seeker. In this paper the authors reviewed different visualization methods, examined their features and tasks solved with their help. The paper presents the most commonly used approaches and discusses open challenges in malware visual analytics.
2021-09-16
Sarker, Partha S., Singh Saini, Amandeep, Sajan, K S, Srivastava, Anurag K..  2020.  CP-SAM: Cyber-Power Security Assessment and Resiliency Analysis Tool for Distribution System. 2020 Resilience Week (RWS). :188–193.
Cyber-power resiliency analysis of the distribution system is becoming critical with increase in adverse cyberevents. Distribution network operators need to assess and analyze the resiliency of the system utilizing the analytical tool with a carefully designed visualization and be driven by data and model-based analytics. This work introduces the Cyber-Physical Security Assessment Metric (CP-SAM) visualization tool to assist operators in ensuring the energy supply to critical loads during or after a cyber-attack. CP-SAM also provides decision support to operators utilizing measurement data and distribution power grid model and through well-designed visualization. The paper discusses the concepts of cyber-physical resiliency, software design considerations, open-source software components, and use cases for the tool to demonstrate the implementation and importance of the developed tool.
2021-09-07
Simud, Thikamporn, Ruengittinun, Somchoke, Surasvadi, Navaporn, Sanglerdsinlapachai, Nuttapong, Plangprasopchok, Anon.  2020.  A Conversational Agent for Database Query: A Use Case for Thai People Map and Analytics Platform. 2020 15th International Joint Symposium on Artificial Intelligence and Natural Language Processing (iSAI-NLP). :1–6.
Since 2018, Thai People Map and Analytics Platform (TPMAP) has been developed with the aims of supporting government officials and policy makers with integrated household and community data to analyze strategic plans, implement policies and decisions to alleviate poverty. However, to acquire complex information from the platform, non-technical users with no database background have to ask a programmer or a data scientist to query data for them. Such a process is time-consuming and might result in inaccurate information retrieved due to miscommunication between non-technical and technical users. In this paper, we have developed a Thai conversational agent on top of TPMAP to support self-service data analytics on complex queries. Users can simply use natural language to fetch information from our chatbot and the query results are presented to users in easy-to-use formats such as statistics and charts. The proposed conversational agent retrieves and transforms natural language queries into query representations with relevant entities, query intentions, and output formats of the query. We employ Rasa, an open-source conversational AI engine, for agent development. The results show that our system yields F1-score of 0.9747 for intent classification and 0.7163 for entity extraction. The obtained intents and entities are then used for query target information from a graph database. Finally, our system achieves end-to-end performance with accuracies ranging from 57.5%-80.0%, depending on query message complexity. The generated answers are then returned to users through a messaging channel.
2021-05-05
Pawar, Shrikant, Stanam, Aditya.  2020.  Scalable, Reliable and Robust Data Mining Infrastructures. 2020 Fourth World Conference on Smart Trends in Systems, Security and Sustainability (WorldS4). :123—125.

Mining of data is used to analyze facts to discover formerly unknown patterns, classifying and grouping the records. There are several crucial scalable statistics mining platforms that have been developed in latest years. RapidMiner is a famous open source software which can be used for advanced analytics, Weka and Orange are important tools of machine learning for classifying patterns with techniques of clustering and regression, whilst Knime is often used for facts preprocessing like information extraction, transformation and loading. This article encapsulates the most important and robust platforms.

2021-04-27
Kotturu, P. K., Kumar, A..  2020.  Data Mining Visualization with the Impact of Nature Inspired Algorithms in Big Data. 2020 4th International Conference on Trends in Electronics and Informatics (ICOEI)(48184). :664—668.

Data mining visualization is an important aspect of big data visualization and analysis. The impact of the nature-inspired algorithm along with the impact of computing traditions for the complete visualization of the storage and data communication needs have been studied. This paper also explores the possibilities of the hybridization of data mining in terms of association of cloud computing. It also explores the data analytical view in the exploration of these approaches in terms of data storage in big data. Based on these aspects the methodological advancement along with the problem statements has been analyzed. This will help in the exploration of computational capability along with the new insights in this domain.

2021-02-03
Clark, D. J., Turnbull, B..  2020.  Experiment Design for Complex Immersive Visualisation. 2020 Military Communications and Information Systems Conference (MilCIS). :1—5.

Experimentation focused on assessing the value of complex visualisation approaches when compared with alternative methods for data analysis is challenging. The interaction between participant prior knowledge and experience, a diverse range of experimental or real-world data sets and a dynamic interaction with the display system presents challenges when seeking timely, affordable and statistically relevant experimentation results. This paper outlines a hybrid approach proposed for experimentation with complex interactive data analysis tools, specifically for computer network traffic analysis. The approach involves a structured survey completed after free engagement with the software platform by expert participants. The survey captures objective and subjective data points relating to the experience with the goal of making an assessment of software performance which is supported by statistically significant experimental results. This work is particularly applicable to field of network analysis for cyber security and also military cyber operations and intelligence data analysis.

Cecotti, H., Richard, Q., Gravellier, J., Callaghan, M..  2020.  Magnetic Resonance Imaging Visualization in Fully Immersive Virtual Reality. 2020 6th International Conference of the Immersive Learning Research Network (iLRN). :205—209.

The availability of commercial fully immersive virtual reality systems allows the proposal and development of new applications that offer novel ways to visualize and interact with multidimensional neuroimaging data. We propose a system for the visualization and interaction with Magnetic Resonance Imaging (MRI) scans in a fully immersive learning environment in virtual reality. The system extracts the different slices from a DICOM file and presents the slices in a 3D environment where the user can display and rotate the MRI scan, and select the clipping plane in all the possible orientations. The 3D environment includes two parts: 1) a cube that displays the MRI scan in 3D and 2) three panels that include the axial, sagittal, and coronal views, where it is possible to directly access a desired slice. In addition, the environment includes a representation of the brain where it is possible to access and browse directly through the slices with the controller. This application can be used both for educational purposes as an immersive learning tool, and by neuroscience researchers as a more convenient way to browse through an MRI scan to better analyze 3D data.

2021-02-01
Han, W., Schulz, H.-J..  2020.  Beyond Trust Building — Calibrating Trust in Visual Analytics. 2020 IEEE Workshop on TRust and EXpertise in Visual Analytics (TREX). :9–15.
Trust is a fundamental factor in how users engage in interactions with Visual Analytics (VA) systems. While the importance of building trust to this end has been pointed out in research, the aspect that trust can also be misplaced is largely ignored in VA so far. This position paper addresses this aspect by putting trust calibration in focus – i.e., the process of aligning the user’s trust with the actual trustworthiness of the VA system. To this end, we present the trust continuum in the context of VA, dissect important trust issues in both VA systems and users, as well as discuss possible approaches that can build and calibrate trust.
2021-01-25
More, S., Jamadar, I., Kazi, F..  2020.  Security Visualization and Active Querying for OT Network. 2020 11th International Conference on Computing, Communication and Networking Technologies (ICCCNT). :1—6.

Traditionally Industrial Control System (ICS) used air-gap mechanism to protect Operational Technology (OT) networks from cyber-attacks. As internet is evolving and so are business models, customer supplier relationships and their needs are changing. Hence lot of ICS are now connected to internet by providing levels of defense strategies in between OT network and business network to overcome the traditional mechanism of air-gap. This upgrade made OT networks available and accessible through internet. OT networks involve number of physical objects and computer networks. Physical damages to system have become rare but the number of cyber-attacks occurring are evidently increasing. To tackle cyber-attacks, we have a number of measures in place like Firewalls, Intrusion Detection System (IDS) and Intrusion Prevention System (IPS). To ensure no attack on or suspicious behavior within network takes place, we can use visual aids like creating dashboards which are able to flag any such activity and create visual alert about same. This paper describes creation of parser object to convert Common Event Format (CEF) to Comma Separated Values (CSV) format and dashboard to extract maximum amount of data and analyze network behavior. And working of active querying by leveraging packet level data from network to analyze network inclusion in real-time. The mentioned methodology is verified on data collected from Waste Water Treatment Plant and results are presented.

2021-01-15
Park, W..  2020.  A Study on Analytical Visualization of Deep Web. 2020 22nd International Conference on Advanced Communication Technology (ICACT). :81—83.

Nowadays, there is a flood of data such as naked body photos and child pornography, which is making people bloodless. In addition, people also distribute drugs through unknown dark channels. In particular, most transactions are being made through the Deep Web, the dark path. “Deep Web refers to an encrypted network that is not detected on search engine like Google etc. Users must use Tor to visit sites on the dark web” [4]. In other words, the Dark Web uses Tor's encryption client. Therefore, users can visit multiple sites on the dark Web, but not know the initiator of the site. In this paper, we propose the key idea based on the current status of such crimes and a crime information visual system for Deep Web has been developed. The status of deep web is analyzed and data is visualized using Java. It is expected that the program will help more efficient management and monitoring of crime in unknown web such as deep web, torrent etc.

2020-10-12
Sharafaldin, Iman, Ghorbani, Ali A..  2018.  EagleEye: A Novel Visual Anomaly Detection Method. 2018 16th Annual Conference on Privacy, Security and Trust (PST). :1–6.
We propose a novel visualization technique (Eagle-Eye) for intrusion detection, which visualizes a host as a community of system call traces in two-dimensional space. The goal of EagleEye is to visually cluster the system call traces. Although human eyes can easily perceive anomalies using EagleEye view, we propose two different methods called SAM and CPM that use the concept of data depth to help administrators distinguish between normal and abnormal behaviors. Our experimental results conducted on Australian Defence Force Academy Linux Dataset (ADFA-LD), which is a modern system calls dataset that includes new exploits and attacks on various programs, show EagleEye's efficiency in detecting diverse exploits and attacks.
2020-10-06
Kalwar, Abhishek, Bhuyan, Monowar H., Bhattacharyya, Dhruba K., Kadobayashi, Youki, Elmroth, Erik, Kalita, Jugal K..  2019.  TVis: A Light-weight Traffic Visualization System for DDoS Detection. 2019 14th International Joint Symposium on Artificial Intelligence and Natural Language Processing (iSAI-NLP). :1—6.

With rapid growth of network size and complexity, network defenders are facing more challenges in protecting networked computers and other devices from acute attacks. Traffic visualization is an essential element in an anomaly detection system for visual observations and detection of distributed DoS attacks. This paper presents an interactive visualization system called TVis, proposed to detect both low-rate and high-rate DDoS attacks using Heron's triangle-area mapping. TVis allows network defenders to identify and investigate anomalies in internal and external network traffic at both online and offline modes. We model the network traffic as an undirected graph and compute triangle-area map based on incidences at each vertex for each 5 seconds time window. The system triggers an alarm iff the system finds an area of the mapped triangle beyond the dynamic threshold. TVis performs well for both low-rate and high-rate DDoS detection in comparison to its competitors.

2020-09-28
Killer, Christian, Rodrigues, Bruno, Stiller, Burkhard.  2019.  Security Management and Visualization in a Blockchain-based Collaborative Defense. 2019 IEEE International Conference on Blockchain and Cryptocurrency (ICBC). :108–111.
A cooperative network defense is one approach to fend off large-scale Distributed Denial-of-Service (DDoS) attacks. In this regard, the Blockchain Signaling System (BloSS) is a multi-domain, blockchain-based, cooperative DDoS defense system, where each Autonomous System (AS) is taking part in the defense alliance. Each AS can exchange attack information about ongoing attacks via the Ethereum blockchain. However, the currently operational implementation of BloSS is not interactive or visualized, but the DDoS mitigation is automated. In real-world defense systems, a human cybersecurity analyst decides whether a DDoS threat should be mitigated or not. Thus, this work presents the design of a security management dashboard for BloSS, designed for interactive use by cyber security analysts.
2020-08-28
Kolomeets, Maxim, Chechulin, Andrey, Zhernova, Ksenia, Kotenko, Igor, Gaifulina, Diana.  2020.  Augmented reality for visualizing security data for cybernetic and cyberphysical systems. 2020 28th Euromicro International Conference on Parallel, Distributed and Network-Based Processing (PDP). :421—428.
The paper discusses the use of virtual (VR) and augmented (AR) reality for visual analytics in information security. Paper answers two questions: “In which areas of information security visualization VR/AR can be useful?” and “What is the difference of the VR/AR from similar methods of visualization at the level of perception of information?”. The first answer is based on the investigation of information security areas and visualization models that can be used in VR/AR security visualization. The second answer is based on experiments that evaluate perception of visual components in VR.
Knierim, Pascal, Kiss, Francisco, Schmidt, Albrecht.  2018.  Look Inside: Understanding Thermal Flux Through Augmented Reality. 2018 IEEE International Symposium on Mixed and Augmented Reality Adjunct (ISMAR-Adjunct). :170—171.
The transition from high school to university is an exciting time for students including many new challenges. Particularly in the field of science, technology, engineering, and mathematics, the university dropout rate may reach up to 40%. The studies of physics rely on many abstract concepts and quantities that are not directly visible like energy or heat. We developed a mixed reality application for education, which augments the thermal conduction of metal by overlaying a representation of temperature as false-color visualization directly onto the object. This real-time augmentation avoids attention split and overcomes the perception gap by amplifying the human eye. Augmented and Virtual Reality environments allow students to perform experiments that were impossible to conduct for security or financial reasons. With the application, we try to foster a deeper understanding of the learning material and higher engagement during the studies.
2020-06-04
Cao, Lizhou, Peng, Chao, Hansberger, Jeffery T..  2019.  A Large Curved Display System in Virtual Reality for Immersive Data Interaction. 2019 IEEE Games, Entertainment, Media Conference (GEM). :1—4.

This work presents the design and implementation of a large curved display system in a virtual reality (VR) environment that supports visualization of 2D datasets (e.g., images, buttons and text). By using this system, users are allowed to interact with data in front of a wide field of view and gain a high level of perceived immersion. We exhibit two use cases of this system, including (1) a virtual image wall as the display component of a 3D user interface, and (2) an inventory interface for a VR-based educational game. The use cases demonstrate capability and flexibility of curved displays in supporting varied purposes of data interaction within virtual environments.

2020-03-18
Camera, Giancarlo, Baglietto, Pierpaolo, Maresca, Massimo.  2019.  A Platform for Private and Controlled Spreadsheet Objects Sharing. 2019 IEEE 23rd International Enterprise Distributed Object Computing Conference (EDOC). :67–76.
Spreadsheets are widely used in industries for tabular data analysis, visualization and storage. Users often exchange spreadsheets' semi-structured data to collaborative analyze them. Recently, office suites integrated a software module that enables collaborative authoring of office files, including spreadsheets, to facilitate the sharing process. Typically spreadsheets collaborative authoring applications, like Google Sheets or Excel online, need to delocalize the entire file in public cloud storage servers. This choice is not secure for enterprise use because it exposes shared content to the risk of third party access. Moreover, available platforms usually provide coarse grained spreadsheet file sharing, where collaborators have access to all data stored inside a workbook and to all the spreadsheets' formulas used to manipulate those data. This approach limits users' possibilities to disclose only a small portion of tabular data and integrate data coming from different sources (spreadsheets or software platforms). For these reasons enterprise users prefer to control fine grained confidential data exchange and their updates manually through copy, paste, attach-to-email, extract-from-email operations. However unsupervised data sharing and circulation often leads to errors or, at the very least, to inconsistencies, data losses, and proliferation of multiple copies. We propose a model that gives business users a different level of spreadsheet data sharing control, privacy and management. Our approach enables collaborative analytics of tabular data focusing on fine grained spreadsheet data sharing instead of coarse grained file sharing. This solution works with a platform that implements an end to end encrypted protocol for sensitive data sharing that prevents third party access to confidential content. Data are never shared into public clouds but they are transferred encrypted among the administrative domains of collaborators. 
In this paper we describe the model and the implemented system that enable our solution. We focus on two enterprise use cases we implemented describing how we deployed our platform to speed up and optimize industry processes that involve spreadsheet usage.
Van, Hao, Nguyen, Huyen N., Hewett, Rattikorn, Dang, Tommy.  2019.  HackerNets: Visualizing Media Conversations on Internet of Things, Big Data, and Cybersecurity. 2019 IEEE International Conference on Big Data (Big Data). :3293–3302.
The giant network of Internet of Things establishes connections between smart devices and people, with protocols to collect and share data. While the data is expanding at a fast pace in this era of Big Data, there are growing concerns about security and privacy policies. In the current Internet of Things ecosystems, at the intersection of the Internet of Things, Big Data, and Cybersecurity lies the subject that attracts the most attention. In aiding users in getting an adequate understanding, this paper introduces HackerNets, an interactive visualization for emerging topics in the crossing of IoT, Big Data, and Cybersecurity over time. To demonstrate the effectiveness and usefulness of HackerNets, we apply and evaluate the technique on the dataset from the social media platform.
2020-01-21
Novikova, Evgenia, Bekeneva, Yana, Shorov, Andrey.  2019.  The Location-Centric Approach to Employee's Interaction Pattern Detection. 2019 27th Euromicro International Conference on Parallel, Distributed and Network-Based Processing (PDP). :373–378.
The task of the insider threat detection is one of the most sophisticated problems of the information security. The analysis of the logs of the access control system may reveal on how employees move and interact providing thus better understanding on how personnel observe security policies and established business processes. The paper presents an approach to the detection of the location-centric employees' interaction patterns. The authors propose the formal definition of the interaction patterns and present the visualization-driven technique to the extraction of the patterns from the data when any prior information about existing interaction routine and procedures is not available. The proposed approach is demonstrated on the data set provided within VAST MiniChallenge-2 2016 contest.
2020-01-20
Bardia, Vivek, Kumar, C.R.S..  2017.  Process trees & service chains can serve us to mitigate zero day attacks better. 2017 International Conference on Data Management, Analytics and Innovation (ICDMAI). :280–284.
With technology at our fingertips waiting to be exploited, the past decade saw the revolutionizing Human Computer Interactions. The ease with which a user could interact was the Unique Selling Proposition (USP) of a sales team. Human Computer Interactions have many underlying parameters like Data Visualization and Presentation as some to deal with. With the race, on for better and faster presentations, evolved many frameworks to be widely used by all software developers. As the need grew for user friendly applications, more and more software professionals were lured into the front-end sophistication domain. Application frameworks have evolved to such an extent that with just a few clicks and feeding values as per requirements we are able to produce a commercially usable application in a few minutes. These frameworks generate quantum lines of codes in minutes which leaves a contrail of bugs to be discovered in the future. We have also succumbed to the benchmarking in Software Quality Metrics and have made ourselves comfortable with buggy software's to be rectified in future. The exponential evolution in the cyber domain has also attracted attackers equally. Average human awareness and knowledge has also improved in the cyber domain due to the prolonged exposure to technology for over three decades. As the attack sophistication grows and zero day attacks become more popular than ever, the suffering end users only receive remedial measures in spite of the latest Antivirus, Intrusion Detection and Protection Systems installed. We designed a software to display the complete services and applications running in users Operating System in the easiest perceivable manner aided by Computer Graphics and Data Visualization techniques. We further designed a study by empowering the fence sitter users with tools to actively participate in protecting themselves from threats. 
The designed threats had impressions from the complete threat canvas in some form or other restricted to systems functioning. Network threats and any sort of packet transfer to and from the system in form of threat was kept out of the scope of this experiment. We discovered that end users had a good idea of their working environment which can be used exponentially enhances machine learning for zero day threats and segment the unmarked the vast threat landscape faster for a more reliable output.
2019-09-23
Yazici, I. M., Karabulut, E., Aktas, M. S..  2018.  A Data Provenance Visualization Approach. 2018 14th International Conference on Semantics, Knowledge and Grids (SKG). :84–91.
Data Provenance has created an emerging requirement for technologies that enable end users to access, evaluate, and act on the provenance of data in recent years. In the era of Big Data, the amount of data created by corporations around the world has grown each year. As an example, both in the Social Media and e-Science domains, data is growing at an unprecedented rate. As the data has grown rapidly, information on the origin and lifecycle of the data has also grown. In turn, this requires technologies that enable the clarification and interpretation of data through the use of data provenance. This study proposes methodologies towards the visualization of W3C-PROV-O Specification compatible provenance data. The visualizations are done by summarization and comparison of the data provenance. We facilitated the testing of these methodologies by providing a prototype, extending an existing open source visualization tool. We discuss the usability of the proposed methodologies with an experimental study; our initial results show that the proposed approach is usable, and its processing overhead is negligible.
2019-06-17
Garae, J., Ko, R. K. L., Apperley, M..  2018.  A Full-Scale Security Visualization Effectiveness Measurement and Presentation Approach. 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE). :639–650.
What makes a security visualization effective? How do we measure visualization effectiveness in the context of investigating, analyzing, understanding and reporting cyber security incidents? Identifying and understanding cyber-attacks are critical for decision making - not just at the technical level, but also the management and policy-making levels. Our research studied both questions and extends our Security Visualization Effectiveness Measurement (SvEm) framework by providing a full-scale effectiveness approach for both theoretical and user-centric visualization techniques. Our framework facilitates effectiveness through interactive three-dimensional visualization to enhance both single and multi-user collaboration. We investigated effectiveness metrics including (1) visual clarity, (2) visibility, (3) distortion rates and (4) user response (viewing) times. The SvEm framework key components are: (1) mobile display dimension and resolution factor, (2) security incident entities, (3) user cognition activators and alerts, (4) threat scoring system, (5) working memory load and (6) color usage management. To evaluate our full-scale security visualization effectiveness framework, we developed VisualProgger - a real-time security visualization application (web and mobile) visualizing data provenance changes in SvEm use cases. Finally, the SvEm visualizations aims to gain the users' attention span by ensuring a consistency in the viewer's cognitive load, while increasing the viewer's working memory load. In return, users have high potential to gain security insights in security visualization. Our evaluation shows that viewers perform better with prior knowledge (working memory load) of security events and that circular visualization designs attract and maintain the viewer's attention span. These discoveries revealed research directions for future work relating to measurement of security visualization effectiveness.
2019-05-08
Mylrea, M., Gourisetti, S. N. G., Larimer, C., Noonan, C..  2018.  Insider Threat Cybersecurity Framework Webtool Methodology: Defending Against Complex Cyber-Physical Threats. 2018 IEEE Security and Privacy Workshops (SPW). :207–216.

This paper demonstrates how the Insider Threat Cybersecurity Framework (ITCF) web tool and methodology help provide a more dynamic, defense-in-depth security posture against insider cyber and cyber-physical threats. ITCF includes over 30 cybersecurity best practices to help organizations identify, protect, detect, respond and recover to sophisticated insider threats and vulnerabilities. The paper tests the efficacy of this approach and helps validate and verify ITCF's capabilities and features through various insider attacks use-cases. Two case-studies were explored to determine how organizations can leverage ITCF to increase their overall security posture against insider attacks. The paper also highlights how ITCF facilitates implementation of the goals outlined in two Presidential Executive Orders to improve the security of classified information and help owners and operators secure critical infrastructure. In realization of these goals, ITCF: provides an easy to use rapid assessment tool to perform an insider threat self-assessment; determines the current insider threat cybersecurity posture; defines investment-based goals to achieve a target state; connects the cybersecurity posture with business processes, functions, and continuity; and finally, helps develop plans to answer critical organizational cybersecurity questions. In this paper, the webtool and its core capabilities are tested by performing an extensive comparative assessment over two different high-profile insider threat incidents.