The 4th International Workshop on Visualization for Cyber Security was held in Sacramento, CA, USA on October 29, 2007. VizSec brought together researchers and practitioners in information visualization and security to address the specific needs of the cyber security community through new and insightful visualization techniques.

VizSec was held in conjunction with VisWeek.

The proceedings are in Springer Online and Springer Link.

Papers

J.R. Goodall

"Introduction to Visualization for Computer Security" paper link

A. D'Amico and K. Whitley

"The Real Work of Computer Network Defense Analysts: The Analysis Roles and Processes that Transform Network Data into Security Situation Awareness" paper link

J. Stoll, D. McColgin, M. Gregory, V. Crow and W. K. Edwards

"Adapting Personas for Use in Security Visualization Design" paper link

X. Suo, Y. Zhu and G. Scott Owen

"Measuring the Complexity of Computer Security Visualization Designs" paper link

T. H. Yu, B. W. Fuller, J. H. Bannick, L. M. Rossey and R. K. Cunningham

"Integrated Environment Management for Information Operations Testbeds" paper link

D. Phan, J. Gerth, M. Lee, A. Paepcke and T. Winograd

"Visual Analysis of Network Flow Data with Timelines and Event Plots" paper link

T. Taylor, S. Brooks and J. McHugh

"NetBytes Viewer: An Entity-Based NetFlow Visualization Utility for Identifying Intrusive Behavior" paper link

D. Lalanne, E. Bertini, P. Hertzog and P. Bados

"Visual Analysis of Corporate Network Intelligence: Abstracting and Reasoning on Yesterdays for Acting Today" paper link

J. Pearlman and P. Rheingans

"Visualizing Network Security Events Using Compound Glyphs from a Service-Oriented Perspective" paper link

B. Irwin and N. Pilkington

"High Level Internet Scale Traffic Visualization Using Hilbert Curve Mapping" paper link

S. Foresti and J. Agutter

"VisAlert: From Idea to Product" paper link

D. Schweitzer, L. Baird and W. Bahn

"Visually Understanding Jam Resistant Communication" paper link

F. Mansman, L. Meier and D. A. Keim

"Visualization of Host Behavior for Network Security" paper link

W. A. Pike, C. Scherrer and S. Zabriskie

"Putting Security in Context: Visual Correlation of Network Activity with Real-World Information" paper link

L. Williams, R. Lippmann and K. Ingols

"An Interactive Attack Graph Cascade and Reachability Display" paper link

C. Muelder, L. Chen, R. Thomason, K. -L. Ma and T. Bartoletti

"Intelligent Classification and Visualization of Network Scans" paper link

B. Irwin and J. -P. van Riel

"Using InetVis to Evaluate Snort and Bro Scan Detection on a Network Telescope" paper link

Invited Speaker

Stefano Foresti

Visalert: From Idea to Product

slides

Visalert is a visualization system designed to increase situational awareness and increased analysis abilities for monitoring network events: it enables to access data from multiple databases, correlate who, what, when and where, and zoom in-out information of interest. This presentation will describe the interdisciplinary user centered process to research, design and develop a technology to meet user needs. This includes direct examples and lessons learned interacting with the domain experts and users, the visual design iterations that evolved in the final metaphor, and the issues to consider in the process of evaluating and transfering technology to the end users.

Invited Speaker

Anita D'Amico and Kirsten Whitley.

The Real Work of Information Assurance Analysts

slides

This talk will cover three of the findings of a cognitive task analysis (CTA) of computer network defense (CND) analysts: 1) the hierarchy of data that is transformed through the analytical process from data into security situational awareness; 2) the definition and description of different roles of CND analysis; and 3) the workflow that analysts and analytical organizations engage in to process raw network data into meaningful security incidents. These CTA findings have implications for designing visualizations to improve the work processes and decision making of CND analysts. The findings also guided the design and development of VIAssist, a visual analytics system developed for and under evaluation by the CND community.

The VizSec 2007 Workshop on Visualization for Computer Security will provide a forum for new research in visualization for computer security. Building on the success of the previous three VizSEC workshops, we will again be meeting in conjunction with the IEEE Vis and InfoVis Conferences. The workshop will be held in Sacramento, CA USA on October 29, 2007.

Networked computers are increasingly ubiquitous, and they are subject to attack, misuse, and abuse. Every effort is being made by organizations and individuals to build and maintain trustworthy computing systems. Traditional, signature-based and statistical methods are limited in their capability to cope with the large, evolving data and the dynamic nature of Internet. In many applications, visualization proves very effective to understand large high-dimensional data. Thus, there is a growing interest in the development of visualization methods as alternative or complementary solutions to the pressing cyber security problems.

As a result of previous VizSec workshops, we have seen both the application of existing visualization techniques to security problems and the development of novel security visualization approaches. However, while security visualization research has addressed the development of applications there has only been limited coverage of user needs and designing visualization to support those needs. To address this shortcoming, the theme of this year's workshop will be on applying user-centered design to VizSec research, focusing on integrating users' needs, visualization design, and evaluation. This year's workshop will be an incubator for new ideas related to security visualization, a forum for garnering feedback from peers, and a place to identify and meet potential collaborators.

Technical Papers

We solicit papers that report results on visualization techniques and systems in solving all aspects of cyber security problems. Topics include, but are not limited to:

• Visualization of Internet routing for security
• Visualization of packet traces and network flows for security
• Visualization of security vulnerabilities and attack paths
• Visualization of intrusion detection alerts
• Visualization of application processes for security
• Visualization for forensic analysis
• Visualization for correlating events
• Visualization for computer network defense training
• Visualization for offensive information operations
• Visualization for feature selection
• Visualization for detecting anomalous activity
• Deployment and field testing of VizSEC systems
• Evaluation and user testing of VizSEC systems
• User and design requirements for VizSEC systems
• Lessons learned from VizSEC systems development and deployment

All submitted papers will be peer-reviewed. Accepted papers will be eligible to be published in an edited book by Springer after the workshop.

General Chair

John Goodall, Secure Decisions division of Applied Visions Inc.

Program Co-Chairs

Gregory Conti, United States Military Academy

Kwan-Liu Ma, University of California at Davis

Program Committee

• Kulsoom Abdullah, Georgia Institute of Technology
• Jim Agutter, University of Utah
• Stefan Axelsson, Blekinge Institute of Technology
• Anita D'Amico, Secure Decisions
• Glenn Fink, Pacific Northwest National Laboratory
• Deborah Frincke, Pacific Northwest National Laboratory
• John Gerth, Stanford University
• Patrick Hertzog, NEXThink S.A.
• Kiran Lakkaraju, University of Illinois at Urbana-Champaign
• Yarden Livnat, University of Utah
• Raffael Marty, Splunk
• Daniel Keim, University of Konstanz
• Stephen North, AT&T Research
• Penny Rheingans, UMBC
• Walt Tirenin, Air Force Research Laboratory
• Soon Tee Teoh, San Jose State University
• Kirsten Whitley, Department of Defense

National Information Assurance Research Laboratory