VizSec 2014 Visualization for Cyber Security

November 10, 2014 / Paris, France

In conjunction with IEEE VIS

VizSec was held in Paris, France on November 10, 2014. VizSec brings together researchers and practitioners in information visualization and security to address the specific needs of the cyber security community through new and insightful visualization techniques.

VizSec was held in conjunction with IEEE VIS.

The proceedings are available in the ACM Digital Library: http://dl.acm.org/citation.cfm?id=2671491.

The VizSec 2014 presentations are available at the VizSec Vimeo group site.

The VizSec 2014 keynote speaker was Dan Hubbard.

Program Schedule

8:30 – 8:45
Kirsten Whitley, VizSec Chair: Welcome
8:45 – 9:45
Keynote: Dan Hubbard, Security at the Pace of Change: Storytelling with Security Viz
9:45 – 10:10
Poster Fast Forward
10:10 – 10:30
Break
10:30 – 12:10
Paper Session: General
  • Visualization Evaluation for Cyber Security: Trends and Future Directions
    Diane Staheli, Yu Tamara, R. Jordan Crouser, Suresh Damodaran, Kevin Nam, David O'Gwynn, Lane Harrison and Sean McKenna
  • Multiple Queries with Conditional Attributes (QCATs) for Anomaly Detection and Visualization
    Simon Walton, Eamonn Maguire and Min Chen
  • NStreamAware: Real-Time Visual Analytics for Data Streams to Enhance Situational Awareness
    Fabian Fischer and Daniel A. Keim
  • IMap: Visualizing Network Activity over Internet Maps
    J. Joseph Fowler, Thienne Johnson, Paolo Simonetto, Michael Schneider, Carlos Acedo, Stephen Kobourov and Loukas Lazos
12:10 – 2:00
Lunch
2:00 – 3:40
Paper Session: Networks
  • 7 Key Challenges for Visualization in Cyber Network Defense
    Daniel Best, Alex Endert and Daniel Kidwell
  • Visual Filter: Graphical Exploration of Network Security Log Files
    Jan-Erik Stange, Johannes Landstorfer, Marian Dörk and Reto Wettach
  • CORGI: Combination, Organization and Reconstruction through Graphical Interactions
    Christopher Humphries, Nicolas Prigent, Christophe Bidan and Frédéric Majorczyk
  • OCEANS – Online Collaborative Explorative Analysis on Network Security
    Siming Chen, Cong Guo, Xiaoru Yuan, Fabian Merkle, Hanna Schaefer and Thomas Ertl
3:40 – 4:15
Break
4:15 – 5:55
Paper Session: Malware
  • Problem Characterization and Abstraction for Visual Analytics in Behavior-Based Malware Pattern Analysis
    Markus Wagner, Wolfgang Aigner, Alexander Rind, Hermann Dornhackl, Konstantin Kadletz, Robert Luh and Paul Tavolato
  • Detecting Malware Samples with Similar Image Sets
    Alexander Long, Josh Saxe and Robert Gove
  • SEEM: A Scalable Visualization for Comparing Multiple Large Sets of Attributes for Malware Analysis
    Robert Gove, Joshua Saxe, Sigfried Gold, Alex Long and Giacomo Bergamo
  • DAVAST: Data-centric Activity Visualization at the System Level
    Tobias Wüchner, Alexander Pretschner and Martin Ochoa
5:55 – 6:00
Break
6:00 – 7:00
Poster Session

Keynote

Dan Hubbard

Security at the Pace of Change: Storytelling with Security Viz

Over the last few years, the security industry has been leapfrogged in innovation by both attackers and advances in the greater information technology landscape. Incremental changes in how we defend networks and data are no longer good enough to keep up with the pace of change. We are losing ground more rapidly than ever before.

The Big Data movement, when paired with visualization, gives the security industry a chance to get back to innovating and get ahead of the pace of change. Our ability to explore data in a meaningful way is critical to discovering, predicting, and ultimately detecting advanced threats in the future. The addition of new interfaces and 3D exploration models provides researchers with additional techniques to examine data and tell meaningful security stories.

OpenDNS

Dan Hubbard is the Chief Technology Officer for OpenDNS. A pioneering force in Internet security for more than 20 years, Dan’s expertise spans from reputation systems to large scale data mining of the Internet and advanced classification systems. Dan joined OpenDNS to expand the company’s breadth and depth of knowledge of security and products, assist in delivering disruptive new technologies and drive innovation company-wide. Prior to OpenDNS, Dan was the CTO at Websense, where he was responsible for research and development of existing and new technologies, investigating technology trends and driving innovation globally across the company. Additionally, he conceived, built, and managed the Websense Security Labs. Dan has presented at almost every major security conference around the globe, appeared on several international media outlets and is frequently quoted in the media.

Papers

Siming Chen, Cong Guo, Xiaoru Yuan, Fabian Merkle, Hanna Schaefer and Thomas Ertl
"OCEANS - Online Collaborative Explorative Analysis on Network Security"
Markus Wagner, Wolfgang Aigner, Alexander Rind, Hermann Dornhackl, Konstantin Kadletz, Robert Luh and Paul Tavolato
"Problem Characterization and Abstraction for Visual Analytics in Behavior-Based Malware Pattern Analysis"
Simon Walton, Eamonn Maguire and Min Chen
"Multiple Queries with Conditional Attributes (QCATs) for Anomaly Detection and Visualization"
Tobias Wüchner, Alexander Pretschner and Martin Ochoa
"DAVAST: Data-centric Activity Visualization at the System Level"
Daniel Best, Alex Endert and Daniel Kidwell
"7 Key Challenges for Visualization in Cyber Network Defense"
Jan-Erik Stange, Johannes Landstorfer, Marian Dörk and Reto Wettach
"Visual Filter: Graphical Exploration of Network Security Log Files"
Diane Staheli, Yu Tamara, R. Jordan Crouser, Suresh Damodaran, Kevin Nam, David O'Gwynn, Lane Harrison and Sean McKenna
"Visualization Evaluation for Cyber Security: Trends and Future Directions"
Christopher Humphries, Nicolas Prigent, Christophe Bidan and Frédéric Majorczyk
"CORGI: Combination, Organization and Reconstruction through Graphical Interactions"
Fabian Fischer and Daniel A. Keim
"NStreamAware: Real-Time Visual Analytics for Data Streams to Enhance Situational Awareness"
Robert Gove, Joshua Saxe, Sigfried Gold, Alex Long and Giacomo Bergamo
"SEEM: A Scalable Visualization for Comparing Multiple Large Sets of Attributes for Malware Analysis"
J. Joseph Fowler, Thienne Johnson, Paolo Simonetto, Michael Schneider, Carlos Acedo, Stephen Kobourov and Loukas Lazos
"IMap: Visualizing Network Activity over Internet Maps"
Alexander Long, Josh Saxe and Robert Gove
"Detecting Malware Samples with Similar Image Sets"

Posters

Sean McKenna
"Designing STAR: A Cyber Dashboard Prototype"
Jussi Timonen
"Situational awareness and visualization in a cyber environment and a C2 system of dismounted soldiers"
Marco Angelini, Dario De Santis, Giuseppe Santucci
"Toward Geographical Visualizations for hierarchical security data"
Peter Curtis, Nathan Phillips, Daniel Simpkins, T.J. Jankun-Kelly
"Poster: A Tool for Rapid Visual Interrogation & Triage of Alerts"

The 11th Visualization for Cyber Security (VizSec) is a forum that brings together researchers and practitioners from academia, government, and industry to address the needs of the cyber security community through new and insightful visualization and analysis techniques. VizSec provides an excellent venue for fostering greater exchange and new collaborations on a broad range of security- and privacy-related topics. VizSec will be held in Paris, France on November 10, 2014 in conjunction with IEEE VIS.

Important research problems often lie at the intersection of disparate domains. Our focus is to explore effective, scalable visual interfaces for security domains where visualization may provide a distinct benefit, including computer forensics, reverse engineering, insider threat detection, cryptography, privacy, preventing user-assisted attacks, compliance management, wireless security, secure coding, and penetration testing, in addition to traditional network security. Human time and attention are precious resources. We are particularly interested in visualization and interaction techniques that effectively capture the insights of human analysts so that further processing may be handled by machines, freeing analysts for other tasks. For example, a malware analyst might use a visualization system to analyze a new piece of malicious software in a way that facilitates generating a signature for future machine processing. When appropriate, research that incorporates multiple data sources, such as network packet captures, firewall rule sets and logs, DNS logs, web server logs, and/or intrusion detection system logs, is particularly desirable.

Technical Papers

Full papers describing novel contributions in security visualization are solicited. Papers may present techniques, applications, practical experience, theory, analysis, or experiments and evaluations. We encourage the submission of papers on technologies and methods that promise to improve cyber security practices, including, but not limited to:

Accepted papers will appear in the ACM Digital Library as part of the ACM International Conference Proceedings Series.

Posters

Poster submissions may showcase late-breaking results, work in progress, preliminary results, or visual representations relevant to the VizSec community. The poster program will be a great opportunity for the authors to interact with the attendees and solicit feedback. Accepted poster abstracts will be made available on this website.

Data

If you do not have real-world data to demonstrate your visualization, you may be interested in looking at the VAST 2012 Challenge data. VAST 2013 and VAST 2011 also had cyber security data if you are looking for additional data.

Papers

Papers should be at most 8 pages including the bibliography and appendices. Committee members are not required to read the appendices or any pages past the maximum. Submissions not meeting these guidelines will be rejected without consideration of their merit. Reviews are single-blind, so authors may include names and affiliations in their submissions. Submitted papers must not substantially overlap papers that have been published or that are simultaneously submitted to a journal or a conference with proceedings. Authors of accepted papers must guarantee that their papers will be presented at the conference.

The VizSec proceedings will be published by ACM. The ACM SIG Proceedings Templates provides Word and LaTeX templates. (If you are using LaTeX, please use Option 2: LaTeX2e - Tighter Alternate style.)

Authors should apply ACM Computing Classification categories and terms.

ACM invites authors to submit an image representation of their article. The image must be selected from the article body and can be any of the following: art, graphic, table, figures, etc. (Image files are to be as square as possible, 100x100 ppi and in jpg format.) Authors must supply a caption with the image. The caption length should be no more than 512 characters.

Posters

Interested authors should submit an extended abstract as PDF of at most 2 pages including figures and references. Accepted abstracts will be made available on this website. Authors must present a corresponding poster during the workshop. The poster authors can determine the layout by themselves, but the dimensions of the posters should not exceed the A0 space (841mm x 1189mm or 33.1" x 46.8"). Additionally, poster authors are requested to give a brief oral preview during a plenary "fast forward" session.

Submission

Submit papers and poster abstracts using EasyChair: http://www.easychair.org/conferences/?conf=vizsec2014

All deadlines are 5:00 PM PST

Papers (updated)

August 8, 2014
Submission for Papers
September 12, 2014
Author Notification for Papers
October 3, 2014
Camera Ready Submission and Copyright Forms for Papers

Posters

September 19, 2014
Abstract Submission for Posters
September 26, 2014
Author Notification for Poster

VizSec is held with IEEE VIS.

To register, continue to the IEEE VIS Conference Registration page.

For more information on the venue and hotel, please see the IEEE VIS 2014 Conference Venue page.

General Chair
Kirsten Whitley, US Department of Defense
Program Chair
Sophie Engle, University of San Francisco
Publications Chair
Lane Harrison, Tufts University
Poster Chair
Fabian Fischer, University of Konstanz
Local Chair
Nicolas Prigent, Supélec
Website
John Goodall, Oak Ridge National Laboratory

Program Committee

Email questions to vizsec2014@easychair.org or post to the Google Group.