The 5th International Workshop on Visualization for Cyber Security will provide a forum for new research in visualization for computer security. We are pleased to be holding this year's meeting in conjunction with the 11th International Symposium on Recent Advances in Intrusion Detection. The VizSec Workshop will be held at MIT in Cambridge, Massachusetts USA on Monday, September 15, 2008. The Keynote this year will be given by Ben Shneiderman on the topic Information Forensics: Harnessing visualization to support discovery.

As a result of previous VizSec workshops, we have seen both the application of existing visualization techniques to security problems and the development of novel security visualization approaches. However, VizSec research has focused on helping human analysts to detect anomalies and patterns, particularly in computer network defense. Other communities, led by researchers from the RAID Symposia, have researched automated methods for detecting anomalies and malicious activity.

The theme for this year's workshop, which will be held in conjunction with RAID 2008, will be on bridging the gap between visualization and automation, such as leveraging the power of visualization to create rules for intrusion detection and defense systems. We encourage VizSec participants to stay for the RAID Symposium and RAID participants to come a day early to participate in VizSec. There will be a discount for joint registration.

We also solicit papers that report results on visualization techniques and systems in solving all aspects of cyber security problems, including:

• Visualization of Internet routing
• Visualization of packet traces and network flows
• Visualization of intrusion detection alerts
• Visualization of attack tracks
• Visualization of security vulnerabilities
• Visualization of attack paths
• Visualization of application processes
• Visualization for forensic analysis
• Visualization for correlating events
• Visualization for computer network defense training
• Visualization for offensive information operations
• Visualization for building rules
• Visualization for feature selection
• Visualization for cryptology
• Visualization for detecting anomalous activity
• Deployment and field testing of VizSec systems
• Evaluation and user testing of VizSec systems
• User and design requirements for VizSec systems
• Lessons learned from development and deployment of VizSec systems

All submitted papers will be peer-reviewed. Full and short papers will be published by Springer Lecture Notes in Computer Science (LNCS) in the VizSec 2008 Proceedings. Poster and Demo abstracts will be made available on the VizSec web site.

Full papers should present mature research results. Accepted papers will be presented and included in the VizSec 2008 proceedings. Papers must include an abstract and a list of keywords and can be up to 18 pages in total length, including the bibliography and appendices.

Short papers can be used to present less mature research results than full papers, or late-breaking results. Accepted short papers will be presented and included in the VizSec 2008 proceedings. Short papers must include an abstract and a list of keywords and can be up to 8 pages in total length, including the bibliography and appendices.

Posters can be used to describe work in progress or updates to previously published VizSec research or R&D. Poster submissions should consist of a 2 page abstract. Poster will be presented at the VizSec/RAID reception. Abstracts will be made available on the web site.

Demonstrations can be used to show new or updated development efforts. Demo submissions should consist of a 2 page abstract. Demonstrations will take place at the VizSec/RAID reception. (You will need to bring a laptop for demos.) Abstracts will be made available on the web site.

Submissions should list all authors and their affiliations; in case of multiple authors, the contact author must be indicated (anonymized submissions are not required). For accepted papers, at least one of the authors must attend the conference to present the work. Submissions must be in PDF format. All submissions should include an abstract, keywords, references, and high resolution, color images.

Submissions must not substantially duplicate work that any of the authors has published elsewhere or has submitted in parallel to a journal or to any other conference or workshop with proceedings. Simultaneous submission of the same work to multiple venues, submission of previously published work, and plagiarism constitute dishonesty or fraud. VizSec, like other scientific and technical conferences and journals, prohibits these practices and may, on the recommendation of the program chair, take action against authors who have committed them. Further questions on the submission process may be sent to the program chair.

All accepted, camera-ready manuscripts must be submitted using the LaTeX2e (strongly preferred) or Word templates provided by Springer for LNCS 'Proceedings and Other Multiauthor Volumes.'
    Springer LNCS author instructions

Please submit PDF papers using the EasyChair workshop site:
    http://www.easychair.org/conferences/?conf=vizSEC08

Deadline for full paper submission

Deadline for short paper submissions

Notification of paper acceptance

Deadline for final camera ready full and short papers

Deadline for poster and demo abstracts

Notification for poster and demo acceptance

Early Bird registration closes

Workshop

Information Forensics: Harnessing visualization to support discovery

Ben Shneiderman is a Professor in the Department of Computer Science, Founding Director (1983-2000) of the Human-Computer Interaction Laboratory, and Member of the Institute for Advanced Computer Studies at the University of Maryland at College Park. He was made a Fellow of the ACM in 1997, elected a Fellow of the American Association for the Advancement of Science in 2001, and received the ACM CHI (Computer Human Interaction) Lifetime Achievement Award in 2001.

Since 1991 his major focus has been information visualization, beginning with his dynamic queries and starfield display research that led to the development of Spotfire. Dr. Shneiderman developed the treemap concept in 1991 which continues to inspire research and commercial implementations. Two current projects focus on network visualization: Network Visualization by Semantic Substrates and SocialAction.

Registration and breakfast

Keynote : Information Forensics: Harnessing visualization to support discovery
Ben Shneiderman, University of Maryland at College Park

Paper Sessions

Lunch

Panel : The need for applied visualization in information security today
Moderator Toby Kohlenberg, Intel

Paper Sessions

Joint Paper Sessions with RAID

Catered Joint Poster Session with RAID at the Tang Center

Registration details will be posted in May. There will be a discount for joint VizSec/RAID registration.

The workshop will be held on the MIT campus at the Wong Auditorium in the Tang Center. For information on things to do at MIT, in Cambridge, and in Boston, please see the MIT visitor page. For maps and information on hotels, restaurants, and attractions in the Boston area, please see the Greater Boston Convention and Visitors Bureau site or call 1-888-SEE-BOSTON to speak with a Visitor Information Representative.

Limited accommodations for RAID/VizSec are available at the Boston Marriott Cambridge, located directly across the street from the conference venue. We have guaranteed 35 rooms at the reduced rate of $219 single/double occupancy; you must mention RAID to get the special group rate.

Boston Marriott Cambridge
2 Cambridge Center, (Broadway & Third Streets)
Cambridge, Massachusetts 02142 USA
Phone: 1-617-494-6600
Fax: 1-617-494-0036
Price per room per night: $219

Note: When the rooms reserved in the RAID/VizSec block are sold out, requests will be handled on a space-available basis at the hotel's standard rate. Make your reservations early!

John Goodall, Secure Decisions division of Applied Visions, Inc.

Gregory Conti, United States Military Academy
Kwan-Liu Ma, University of California at Davis

Robert K. Cunningham, Lincoln Laboratory

Stefan Axelsson, Blekinge Institute of Technology
Richard Bejtlich, General Electric
Kris Cook, Pacific Northwest National Laboratory
David Ebert, Purdue University
Robert Erbacher, Utah State University
Deborah Frincke, Pacific Northwest National Laboratory
Carrie Gates, CA Labs
John Gerth, Stanford University
Barry Irwin, Rhodes University
Daniel Keim, University of Konstanz
Toby Kohlenberg, Intel
Stuart Kurkowski, Air Force Institute of Technology
Kiran Lakkaraju, University of Illinois at Urbana-Champaign
Douglas Maughan, Department of Homeland Security
Raffael Marty, Splunk
John McHugh, Dalhousie University
Penny Rheingans, UMBC
Lawrence Rosenblum, National Science Foundation
George Tadda, Air Force Research Lab
Daniel Tesone, Applied Visions
Kirsten Whitley, Department of Defense
Alfonso Valdes, SRI International
Maria Zemankova, National Science Foundation

Email questions about the workshop to John Goodall:
    johng < at > securedecisions < dot > avi < dot > com