Cambridge, MA USA
In conjunction with RAID
Papers
- Gregory Conti, Erik Dean, Matthew Sinda and Benjamin Sangster
- "Visual Reverse Engineering of Binary and Data Files"
- Alexander Heitzmann, Bernardo Palazzi, Charalampos Papamanthou and Roberto Tamassia
- "Effective Visualization of File System Access-Control"
- Ying Xia, Kevin Fairbanks and Henry Owen
- "Visual Analysis of Program Flow Data with Data Propagation"
- Moses Schwartz and L. M. Liebrock
- "A Term Distribution Visualization Approach to Digital Forensic String Search"
- Leevar Williams, Richard Lippmann and Kyle Ingols
- "GARNET: A Graphical Attack Graph and Reachability Network Evaluation Tool"
- Scott O’Hare, Steven Noel and Kenneth Prole
- "A Graph-Theoretic Visualization Approach to Network Risk Analysis"
- John Homer, Ashok Varikuti, Xinming Ou and Miles A. McQueen
- "Improving Attack Graph Visualization through Data Reduction and Attack Grouping"
- T. J. Jankun-Kelly, Josh Franck, David Wilson, Jeffery Carver, David Dampier and J. Edward Swan
- "Show Me How You See: Lessons from Studying Computer Forensics Experts for Visualization"
- Xiaoyuan Suo, Ying Zhu and Scott Owen
- "A Task Centered Framework for Computer Security Data Visualization"
- James Shearer, Kwan-Liu Ma and Toby Kohlenberg
- "BGPeep: An IP-Space Centered View for Internet Routing Data"
- Fabian Fischer, Florian Mansmann, Daniel A. Keim, Stephan Pietzko and Marcel Waldvogel
- "Large-Scale Network Monitoring for Visual Analysis of Attacks"
- Ryan Blue, Cody Dunne, Adam Fuchs, Kyle King and Aaron Schulman
- "Visualizing Real-Time Network Resource Usage"
- Kenneth Prole, John R. Goodall, Anita D. D’Amico and Jason K. Kopylec
- "Wireless Cyber Assets Discovery Visualization"
- Pavel Minarik and Tomas Dymacek
- "NetFlow Data Visualization Based on Graphs"
- Sergey Bratus, Axel Hansen, Fabio Pellacini and Anna Shubina
- "Backhoe, a Packet Trace and Log Browser"
- Jeff Janies
- "Existence Plots: A Low-Resolution Time Series for Port Behavior Analysis"
- Shahrulniza Musa and David J. Parish
- "Using Time Series 3D AlertGraph and False Alert Classification to Analyse Snort Alerts"
- Grant Vandenberghe
- "Network Traffic Exploration Application: A Tool to Assess, Visualize, and Analyze Network Security Events"
Posters
- Scott Evans, Richard Bejtlich, Stephen Markham, Jeremy Impson and Eric Steinbrecher
- Towards Zero-Day Attack Detection through Intelligent Icon Visualization of MDL Model Proximity
- Glenn Fink, Jereme Haack, Wendy Maiden and Errin Fulp
- Cooperative Infrastructure Defense
Demos
- Dean Pierce
- Seeds of Contempt
- Raffael Marty and Jan Monsch
- Davix
- Kenneth Prole
- MeerCAT
- Alexander Heitzmann and Bernardo Palazzi
- TrACE: A Tool for Effective Visualization of File System Access-Control
Keynote Speaker
Ben Shneiderman, University of Maryland at College Park
Information Forensics: Harnessing visualization to support discovery
Ben Shneiderman is a Professor in the Department of Computer Science, Founding Director (1983-2000) of the Human-Computer Interaction Laboratory, and Member of the Institute for Advanced Computer Studies at the University of Maryland at College Park. He was made a Fellow of the ACM in 1997, elected a Fellow of the American Association for the Advancement of Science in 2001, and received the ACM CHI (Computer Human Interaction) Lifetime Achievement Award in 2001.
Since 1991 his major focus has been information visualization, beginning with his dynamic queries and starfield display research that led to the development of Spotfire. Dr. Shneiderman developed the treemap concept in 1991, which continues to inspire research and commercial implementations. Two current projects focus on network visualization: Network Visualization by Semantic Substrates and SocialAction.
The 5th International Workshop on Visualization for Cyber Security will provide a forum for new research in visualization for computer security. We are pleased to be holding this year's meeting in conjunction with the 11th International Symposium on Recent Advances in Intrusion Detection. The VizSec Workshop will be held at MIT in Cambridge, Massachusetts USA on Monday, September 15, 2008. The Keynote this year will be given by Ben Shneiderman on the topic Information Forensics: Harnessing visualization to support discovery.
As a result of previous VizSec workshops, we have seen both the application of existing visualization techniques to security problems and the development of novel security visualization approaches. However, VizSec research has focused on helping human analysts to detect anomalies and patterns, particularly in computer network defense. Other communities, led by researchers from the RAID Symposia, have researched automated methods for detecting anomalies and malicious activity.
The theme for this year's workshop, which will be held in conjunction with RAID 2008, will be bridging the gap between visualization and automation, such as leveraging the power of visualization to create rules for intrusion detection and defense systems. We encourage VizSec participants to stay for the RAID Symposium and RAID participants to come a day early to participate in VizSec. There will be a discount for joint registration.
Technical Papers
We also solicit papers that report results on visualization techniques and systems in solving all aspects of cyber security problems, including:
- Visualization of Internet routing
- Visualization of packet traces and network flows
- Visualization of intrusion detection alerts
- Visualization of attack tracks
- Visualization of security vulnerabilities
- Visualization of attack paths
- Visualization of application processes
- Visualization for forensic analysis
- Visualization for correlating events
- Visualization for computer network defense training
- Visualization for offensive information operations
- Visualization for building rules
- Visualization for feature selection
- Visualization for cryptology
- Visualization for detecting anomalous activity
- Deployment and field testing of VizSec systems
- Evaluation and user testing of VizSec systems
- User and design requirements for VizSec systems
- Lessons learned from development and deployment of VizSec systems
All submitted papers will be peer-reviewed. Full and short papers will be published by Springer Lecture Notes in Computer Science (LNCS) in the VizSec 2008 Proceedings. Poster and Demo abstracts will be made available on the VizSec web site.
- General Chair
- John Goodall, Secure Decisions division of Applied Visions Inc.
- Program Co-Chairs
- Gregory Conti, United States Military Academy
- Kwan-Liu Ma, University of California at Davis
- Local Chair
- Robert K. Cunningham, Lincoln Laboratory
Program Committee
- Stefan Axelsson, Blekinge Institute of Technology
- Richard Bejtlich, General Electric
- Kris Cook, Pacific Northwest National Laboratory
- David Ebert, Purdue University
- Robert Erbacher, Utah State University
- Deborah Frincke, Pacific Northwest National Laboratory
- Carrie Gates, CA Labs
- John Gerth, Stanford University
- Barry Irwin, Rhodes University
- Daniel Keim, University of Konstanz
- Toby Kohlenberg, Intel
- Stuart Kurkowski, Air Force Institute of Technology
- Kiran Lakkaraju, University of Illinois at Urbana-Champaign
- Raffael Marty, Splunk
- Douglas Maughan, Department of Homeland Security
- John McHugh, Dalhousie University
- Penny Rheingans, UMBC
- Lawrence Rosenblum, National Science Foundation
- George Tadda, Air Force Research Lab
- Daniel Tesone, Applied Visions
- Alfonso Valdes, SRI International
- Kirsten Whitley, Department of Defense