VizSec 2017

Welcome to the 14th IEEE Symposium on Visualization for Cyber Security

VizSec 2017 will be held in Phoenix, Arizona in conjunction with IEEE VIS on Monday October 2nd. VizSec brings together researchers and practitioners in information visualization and security to address the specific needs of the cyber security community through new and insightful visualization techniques.

The VizSec 2017 Proceedings are available in the IEEE Digital Library. Recordings of the presentations can be found on the VizSec 2017 Vimeo group.

Questions? Please email chair@vizsec.org for questions regarding VizSec 2017.

Program

VizSec 2017 will be held all day on Monday October 2nd in room 301-C on the 300 Level of the West Building (between Second and Third Street on Monroe) in the Phoenix Convention Center.

8:30 - 8:45am

Opening Remarks
Remarks by Sophie Engle

8:45 - 9:45am

Keynote Address
Introduced by Celeste Lyn Paul

Maintaining Context by Alexander Anthony Gates, Director, Cyber Directorate, Office of Intelligence and Counterintelligence, U.S. Department of Energy

Please see below for the full abstract and bio.

9:45 - 10:10am

VizSec Poster Fast Forward
Moderated by Celeste Lyn Paul

Please see below for a list of accepted posters.

10:10 - 10:30am Coffee Break

10:30 - 12:10pm

Paper Session: Intrusion Detection
Moderated by Robert Gove

Firewall Ruleset Visualization Analysis Tool Based on Segmentation by Hyungseok Kim, Sukjun Ko, Dong Seong Kim, and Huy Kang Kim  

Network-Wide Intrusion Detection Supported by Multivariate Analysis and Interactive Visualization by Roberto Theron, Roberto Magán-Carrión, José Camacho, and Gabriel Maciá Fernández  


Paper Session: Malware
Moderated by Robert Gove

The Goods, the Bads and the Uglies: Supporting Decisions in Malware Detection through Visual Analytics by Marco Angelini, Leonardo Aniello, Simone Lenti, Giuseppe Santucci, and Daniele Ucci  

Interactive Visualization Toolbox to Detect Sophisticated Android Malware by Ganesh Ram Santhanam, Benjamin Holland, Suresh Kothari, and Jon Mathews  

12:10 - 2:00pm Lunch Break

2:00 - 3:40pm

Paper Session: Design
Moderated by Diane Staheli

Towards Designing Effective Visualizations for DNS-Based Network Threat Analysis by Rosa Romero-Gómez, Yacin Nadji, and Manos Antonakakis (Best Paper)  
Best Paper Award Sponsored by Two Six Labs.

Toward a Design Space for Cyber Security Visualizations Using Threat Models and Human-Centered Design by Lyndsey Franklin, Megan Pirrung, Michelle Dowling, Mi Feng, and Leslie Blaha  


Paper Session: Security Frameworks
Moderated by Diane Staheli

Expert-Interviews Led Analysis of EEVi — A Model for Effective Visualization in Cyber-Security by Aneesha Sethi and Gary Wills  

CRUMBS: A Cyber Security Framework Browser by Marco Angelini, Simone Lenti, and Giuseppe Santucci  

3:40 - 4:15pm Coffee Break

4:15 - 4:55pm

Paper Session: Short Papers
Moderated by Sophie Engle

STARLORD: Linked Security Data Exploration in a 3D Graph by Laetitia Leichtnam, Eric Totel, Nicolas Prigent, and Ludovic Mé  

Adversarial-Playground: A Visualization Suite Showing How Adversarial Examples Fool Deep Learning by Andrew P Norton and Yanjun Qi  

4:55 - 5:55pm

Panel and Closing Remarks
Moderated by Sophie Engle

Bridging the Divide: Lessons from the Trenches of Interdisciplinary and Applied Visualization Research
Panelists

Lyndsey Franklin, User Experience Research Scientist, Pacific Northwest National Laboratory

David Gotz, Associate Professor, School of Information and Library Science; Assistant Director, Carolina Health Informatics Program; Associate Member, UNC Lineberger Comprehensive Cancer Center, University of North Carolina at Chapel Hill

John Alexis Guerra Gómez, Assistant Professor, Los Andes University and Remote Lecturer, UC Berkeley

G. Elisabeta (Liz) Marai, Associate Professor, Electronic Visualization Lab, Department of Computer Science, University of Illinois at Chicago

Diane Staheli, Technical Staff, Cyber Systems and Operations Group, MIT Lincoln Laboratory

Please see below for more information.

Keynote

ALEXANDER ANTHONY GATES
Director, Cyber Directorate
Office of Intelligence and Counterintelligence
U.S. Department of Energy

Maintaining Context

What is the most difficult challenge to using visualization tools to obtain and maintain cyber situational awareness? Is it the data? Analytics? Stale dashboards or displays? Users? My vote is context. Visualization tools often fail to obtain significant adoption or user acceptance because the context obtained at one level of sharing (strategy, operational, tactical, or technical) is lost when viewed by different people, teams, or at a different level. Developing visualization strategies and tools that enable users to integrate data and information while maintaining context through the various levels of sharing is critical to achieving useful situational awareness in cyber and can be a vital feature in advancing the art of cyber security.

Biography

Mr. Alexander Gates serves as the Director of the Cyber Directorate for the Department of Energy's Office of Intelligence and Counterintelligence. He leads a diverse workforce that orchestrates the production and delivery of cyber intelligence and security services to key Department of Energy (DOE) customers and stakeholders. Mr. Gates works collaboratively across the government, national labs, industry, and academia to solve complex problems spanning a broad spectrum of information assurance and cyber security issues.

Mr. Gates brings a wealth of cyber-related technical, analytic, and leadership experiences to his current position at DOE, together with an impressive intelligence background. Before moving to DOE in 2016, Mr. Gates served as a technical director in the National Security Agency's (NSA) Information Assurance Directorate, whose mission is to protect and defend U.S. national security systems. As technical director, he led and advised on operations and research activities, often working collaboratively across the government. He also served as the director of NSA's Cyber Integration Lab. In this role, Mr. Gates led the development of innovative technical and tradecraft solutions for integration into NSA's cyber mission elements, geared towards measurably improving NSA's ability to perform cyber analysis and operations. Mr. Gates also served in various leadership roles in the NSA Threat Operations Center and the NSA Threat Analysis Center where he specialized in cyber threat and the delivery of actionable intelligence and solutions to protect the nation against cyber threats. Earlier in his career, Mr. Gates amassed over two decades of service working in the intelligence, information operations, and military communities. He began his cryptologic career in 1983 when he enlisted in the U.S. Air Force. During his military career, he served as a supervisor, project manager, and intelligence analyst at stations in the United States and abroad. Mr. Gates joined the NSA as a civilian in 2002 while assigned to the Information Operations Technology Center, a joint DOD and Intelligence Community organization, where he served as senior analyst, supervisor, and program manager until 2004.

Mr. Gates holds a BS degree in Business Administration from Wayland Baptist University and a Master of Public Administration degree from the University of Oklahoma. He also completed a graduate certificate program in Information and Telecommunications Systems from Johns Hopkins University.

Panel

Bridging the Divide: Lessons from the Trenches of Interdisciplinary and Applied Visualization Research

This panel discusses the diverse perspectives, experiences, and advice from panelists that have been successful in interdisciplinary or applied visualization research fields. The panelists come from a variety of domains, including cyber security visualization, biology visualization, visual analytics, health informatics, and more.

Panelists

Lyndsey Franklin
User Experience Research Scientist, Pacific Northwest National Laboratory

David Gotz
Associate Professor, School of Information and Library Science; Assistant Director, Carolina Health Informatics Program; Associate Member, UNC Lineberger Comprehensive Cancer Center, University of North Carolina at Chapel Hill

John Alexis Guerra Gómez
Assistant Professor, Los Andes University; Remote Lecturer, UC Berkeley

G. Elisabeta (Liz) Marai
Associate Professor of Computer Science, Electronic Visualization Lab, Department of Computer Science, University of Illinois at Chicago

Diane Staheli
Assistant Group Leader, Cyber Systems and Operations Group, MIT Lincoln Laboratory

Moderator

Sophie Engle
Associate Professor, Visualization and Graphics Lab, Department of Computer Science, University of San Francisco

Technical Papers

  • The Goods, the Bads and the Uglies: Supporting Decisions in Malware Detection through Visual Analytics by Marco Angelini, Leonardo Aniello, Simone Lenti, Giuseppe Santucci, and Daniele Ucci  

  • CRUMBS: a Cyber Security Framework Browser by Marco Angelini, Simone Lenti, and Giuseppe Santucci  

  • Toward a Design Space for Cyber Security Visualizations Using Threat Models and Human-Centered Design by Lyndsey Franklin, Megan Pirrung, Michelle Dowling, Mi Feng, and Leslie Blaha  

  • Firewall Ruleset Visualization Analysis Tool based on Segmentation by Hyungseok Kim, Sukjun Ko, Dong Seong Kim, and Huy Kang Kim  

  • Towards Designing Effective Visualizations for DNS-Based Network Threat Analysis by Rosa Romero-Gómez, Yacin Nadji, and Manos Antonakakis (Best Paper)  

  • Interactive Visualization Toolbox to Detect Sophisticated Android Malware by Ganesh Ram Santhanam, Benjamin Holland, Suresh Kothari, and Jon Mathews  

  • Expert-Interviews Led Analysis of EEVi - A Model for Effective Visualization in Cyber-Security by Aneesha Sethi and Gary Wills  

  • Network-Wide Intrusion Detection Supported by Multivariate Analysis and Interactive Visualization by Roberto Theron, Roberto Magán-Carrión, José Camacho, and Gabriel Maciá Fernández  

Short Papers

  • STARLORD: Linked Security Data Exploration in a 3D Graph by Laetitia Leichtnam, Eric Totel, Nicolas Prigent, and Ludovic Mé  

  • Adversarial-Playground: A Visualization Suite Showing How Adversarial Examples Fool Deep Learning by Andrew P Norton and Yanjun Qi  

Posters

  • A Survey of Technical Approaches for Developing, Deploying, and Adopting Visualizations in the Cybersecurity Domain by Robert Gove

  • Exploration of User Centered and System Based Approaches to Cyber Situation Awareness by Margaret Varga, Carsten Winkelholz, Susan Traeber-Burdin

  • Exploring the Design Space for Cyber Alerts in Context by Michelle Dowling, Lyndsey Franklin, Mi Feng, Meg Pirrung, Robert Jasper, Joseph Cottam, Leslie Blaha

  • BiG2-KAMAS: Supporting Knowledge-Assisted Malware Analysis with Bi-Gram Based Valuation by Niklas Thür, Markus Wagner, Johannes Schick, Christina Niederer, Jürgen Eckel, Robert Luh, Wolfgang Aigner

  • Towards a Common Evaluation Framework for Cyber Security Visualizations by Noëlle Rakotondravony, Hans P. Reiser

  • Supporting Knowledge-assisted Rule Creation in a Behavior-based Malware Analysis Prototype by Johannes Schick, Niklas Thür, Christina Niederer, Gernot Rottermanner, Paul Tavolato, Wolfgang Aigner, Markus Wagner

Call for Papers

The 14th IEEE Symposium on Visualization for Cyber Security (VizSec) brings together researchers and practitioners from academia, government, and industry to address the needs of the cyber security community through new and insightful visualization and analysis techniques. VizSec provides an excellent venue for fostering greater exchange and new collaborations on a broad range of security- and privacy-related topics. VizSec will be held in Phoenix, AZ, USA in conjunction with IEEE VIS, on Monday, October 2nd, 2017.

VizSec explores effective and scalable visual interfaces for security domains such as network security, computer forensics, reverse engineering, insider threat detection, cryptography, privacy, user-assisted attack prevention, compliance management, wireless security, secure coding, and penetration testing.

VizSec solicits both full and short papers, both of which will appear in the proceedings published by IEEE. Authors of accepted papers must guarantee that their papers will be presented at the conference.

Technical Papers

Full papers describing novel contributions in security visualization are solicited. Papers may present techniques, applications, theory, analysis, experiments, or evaluations. We encourage the submission of papers on technologies and methods that improve cyber security practices, including, but not limited to:

  • Situation awareness and/or understanding
  • Incident handling including triage, exploration, correlation, and response
  • Computer forensics
  • Recording and reporting results of investigations
  • Assisting proactive security configuration and deployment
  • Reverse engineering and malware analysis
  • Vulnerability management
  • Multiple data source analysis
  • Analyzing information requirements for computer network defense
  • Evaluation and/or user testing of VizSec systems
  • Criteria for assessing the effectiveness of cyber security visualizations (whether from a security goal perspective or a human factors perspective)
  • Modeling system and network behavior
  • Modeling attacker and defender behavior
  • Studying risk and impact of cyber attacks
  • Predicting future attacks or targets
  • Security metrics and education
  • Software security
  • Mobile application security
  • Social networking privacy and security

When applicable, visualization and interaction techniques that effectively capture the insights of human analysts and/or allow analysts to collaborate efficiently are particularly desirable.

Submissions including tests and evaluations of existing tools and techniques are also considered particularly desirable. If possible, making the data used for the tests available will also be considered positively. If you do not have real-world data to demonstrate your visualization, you may be interested in looking at the VizSec Data Sets page.

Short Papers

Short papers describing practical applications of security visualization are solicited. We encourage the submission of papers discussing the introduction of cyber security visualizations into operational context, including, but not limited to:

  • Cases where visualization made positive contributions towards meeting operational needs
  • Gaps or negative outcomes from visualization deployments
  • Situations where visualization was not utilized, but could have had a positive impact
  • Lessons learned from operational engagements
  • Insights gained from the transition process


Cyber security practitioners from industry, as well as the research community, are encouraged to submit case studies.

Posters

Poster submissions may showcase late-breaking results, work in progress, preliminary results, or visual representations relevant to the VizSec community. The poster program will be a great opportunity for the authors to interact with the attendees and solicit feedback. Accepted poster abstracts will be made available on the VizSec website.

Awards

There will be an award for the best paper from the accepted program. This award will be given to the paper judged to have the highest overall quality as determined by the program committee. Key elements of the selection process include whether papers include evaluation, repeatable results, and open-source data or software. Both full and short papers are eligible.

New! Thanks to the generous support of Two Six Labs, the best paper awardee will receive a $100 Amazon gift card!

Submissions

The VizSec 2017 proceedings will be published by IEEE. Submissions must be formatted using the IEEE "Conference Style" template that can be found at:

http://junctionpublishing.org/vgtc/Tasks/camera.html

All submissions must be in PDF format. To submit your full or short paper, login or create an account at:

https://precisionconference.com/~vizsec17

After logging in, click the "new submissions" link on the top navigation bar and look for the link for "Submit to Papers and Posters" in the list under the "VizSec 2017" heading.

Note: Posters will be submitted via email instead of PCS. For more information, please see the Posters section below.

Papers

Full papers should be at most 8 pages including the bibliography and appendices. Short papers should be at most 4 pages including the bibliography and appendices.

All papers will be peer-reviewed by at least 3 members of the program committee. Committee members are not required to read the appendices or any pages past the maximum. Submissions not meeting these guidelines will be rejected without consideration of their merit.

Reviews are single-blind, so authors may include names and affiliations in their submissions. Submitted papers must not substantially overlap papers that have been published or that are simultaneously submitted to a journal or a conference with proceedings.

Posters

To submit a poster, please email an extended abstract as a PDF attachment to vizsec2017posters@cs.usfca.edu and include the author names and affiliations in the email body. Extended abstracts should be at most 2 pages including the bibliography. Poster abstracts will be reviewed by the Poster Chair(s) and other members of the organizing committee to determine relevance to the VizSec community.

Accepted authors must present a corresponding poster during the workshop. The poster authors can determine the layout by themselves, but the dimensions of the posters should not exceed the A0 space (841mm x 1189mm or 33.1" x 46.8"). Additionally, poster authors are requested to give a brief oral preview during a plenary "fast forward" session.

Accepted poster abstracts will be made available on this website.

Diversity Scholarships (New!)

Thanks to the generous donations of our sponsors, we are delighted to announce that we will be offering several VizSec 2017 Diversity Scholarship awards to help cover the costs of attending VizSec. This scholarship award covers full week registration plus a small stipend to help offset travel costs.

All VizSec attendees may apply for the diversity scholarships except for those from a country on the OFAC sanctions list at:

http://www.ieee.org/conferences_events/conferences/organizers/sanctions.html

Applicants must submit a cover letter and curriculum vitae in PDF format. The cover letter should discuss your eligibility for this scholarship and how you would benefit from attending VizSec 2017. It should be no more than 2 pages (letter size) with at least 1 inch margins and 11pt or larger font.

Applicants will also be asked to answer the following questions:

  • Are you from an underrepresented group in computer science? If so, please specify.
  • Please let us know your country or countries of citizenship, and the country and city you will be traveling from.
  • Are you currently a student? If so, please specify the degree and subject area you are working on, and where.
  • Have you ever attended VizSec or VIS before? If so, when?

To apply for this scholarship, login or create an account at:

https://precisionconference.com/~vizsec17b

After logging in, click the "new submissions" link on the top navigation bar and look for the link for "Submit to Diversity Scholarship" in the list under the "VizSec 2017" heading.

The application deadline is August 1, 2017 at 5:00pm PDT. Awardees will be notified by August 15, 2017, and must register for the conference by the early registration deadline on August 25, 2017.

Important Dates

All deadlines are 5:00 PM PST.

Papers and Short Papers

July 21, 2017 Submission for Papers and Short Papers (Extended)
August 15, 2017 Author Notification for Papers and Short Papers
September 12, 2017 Camera Ready Submission and Copyright Forms for Papers

Posters

August 29, 2017 Abstract Submission for Posters
September 9, 2017 Author Notification for Posters

Scholarships

August 1, 2017 Application for Diversity Scholarships
August 15, 2017 Applicant Notification for Scholarships
August 25, 2017 VizSec/VIS Early Registration Deadline

Committees

Organizing Committee

  • Sophie Engle, General Chair
    University of San Francisco
  • Diane Staheli, Program Chair
    MIT Lincoln Laboratory
  • Celeste Lyn Paul, Publications Chair
    US Department of Defense
  • Simon Walton, Poster Chair, Web Co-Chair
    Oxford e-Research Centre
  • Nicolas Prigent, Publicity Chair
    LSTI
  • Robert Gove, Sponsorship Chair
    Two Six Labs
  • Lane Harrison, Web Co-Chair
    Worcester Polytechnic Institute

Program Committee

  • Marco Angelini, Sapienza University of Rome
  • Dustin Arendt, Air Force Research Laboratory
  • Lauren Bradel, U.S. Department of Defense
  • Andrea Brennen, In-Q-Tel
  • Bram Cappers, University of Technology Eindhoven (Tu/e)
  • Siming Chen, Peking University
  • Ann Cox, U.S. Department of Homeland Security
  • Valentino Di Donato, Roma Tre University
  • Fabian Fischer, University of Konstanz
  • Deborah Frincke, National Security Agency
  • Carrie Gates, Securelytix
  • John Gerth, Stanford University
  • Steven Gomez, Massachusetts Institute of Technology
  • Christopher Humphries, INRIA
  • Philip Legg, University of the West of England
  • Timothy Leschke, U.S. Department of Defense, Johns Hopkins University
  • Frédéric Majorczyk, DGA
  • Raffael Marty, Loggly
  • Sean McKenna, University of Utah
  • Chris Muelder, Google
  • Stephen North, Infovisible, LLC
  • Graig Sauer, Towson University
  • Christopher Simpson, National University
  • Awalin Sopan, FireEye, Inc.
  • Sebastien Tricaud, Splunk
  • David Trimm, University of Maryland, Baltimore County (UMBC)
  • Sean Whalen, Gladstone Institutes
  • Kirsten Whitley, U.S. Department of Defense
  • Walter Willinger, NIKSUN, Inc.

Supporters

  • IEEE Secure Development Conference (SecDev)

    The IEEE Secure Development Conference (IEEE SecDev), sponsored by the IEEE Cybersecurity Initiative, is distinguished by its focus on how to "build security in" (and not simply to discover the absence of security). Its goal is to encourage and disseminate ideas for secure system development among both academia and industry. Developers have valuable experiences and ideas that can inform academic research, and researchers have concepts, studies, and even code and tools that could benefit developers.

  • Two Six Labs

    Two Six Labs invents, prototypes and engineers breakthrough technologies for government and industry, with broad commitments in multiple areas of technological innovation. Two Six Labs' projects range from situational awareness interfaces for cyber operators to distributed sensor networks, from machine learning models that learn to reverse engineer malware to embedded devices that enable and protect our nation's warfighters.