VizSec 2010 Symposium on Visualization for Cyber Security

Symposium on Visualization for Cyber Security

September 14, 2010
  /   Ottawa, Ontario, Canada

In conjunction with RAID

The 7th International Symposium on Visualization for Cyber Security was held in Ottawa, Ontario, Canada on September 14, 2010. This symposium brought together researchers and practitioners in information visualization and security to address the specific needs of the cyber security community through new and insightful visualization techniques. The keynote speaker was Richard Bejtlich.

VizSec was held in conjunction with the 13th International Symposium on Recent Advances in Intrusion Detection (RAID).

The proceedings are in the ACM Digital Library.


Tamara Yu, Richard Lippmann, James Riordan, Stephen Boyer
"EMBER: A Global Perspective on Extreme Malicious Behavior" slides | paper link
Jeffrey Guenther, Fred Volk and Mark Shaneck
"Proposing a Multi-touch Interface for Intrusion Detection Environments" slides | paper link
Matthew Chu, Kyle Ingols, Richard Lippmann, Seth Webster and Stephen Boyer
"Visualizing Attack Graphs, Reachability, and Trust Relationships with NAVIGATOR" slides | paper link
Qi Liao, Aaron Striegel and Nitesh Chawla
"Visualizing Graph Dynamics and Similarity for Enterprise Network Security and Management" slides | paper link
John R. Goodall, Hassan Radwan, Lenny Halseth
"Visual Analysis of Code Security" slides | paper link
Cynthia Wagner, Gerard Wagener, Radu State, Alexandre Dulaunoy and Thomas Engel
"PeekKernelFlows: Peeking into IP flows" slides | paper link
Eduard Glatz
"Visualizing Host Traffic through Graphs" slides | paper link
Michael Oehler, Dhananjay Phatak and John Krautheim
"Visualizing Your Key for Secure Phone Calls And Language Independence" slides | paper link
Wilson Lian, Fabian Monrose and John McHugh
"Traffic Classification Using Visual Motifs: An Empirical Evaluation" slides | paper link
Daniel Best, Shawn Bohn, Douglas Love, Adam Wynne and William Pike
"Real-Time Visualization of Network Behaviors for Situational Awareness" slides | paper link
Lane Harrison, Xianlin Hu, Xiaowei Ying, Aidong Lu, Weichao Wang and Xintao Wu
"Interactive Detection of Network Anomalies via Coordinated Multiple Views" slides | paper link
Jamie Rasmussen, Kate Ehrlich, Steven Ross, Susanna Kirk, Daniel Gruen and John Patterson
"Nimble Cybersecurity Incident Management through Visualization and Defensible Recommendations" slides | paper link


Robert Ferris and John Goodall
"A Visual Query Builder: Simplifying Data Selection" poster | abstract
Jeff Wilson and Robert Biddle
"Collaborative Multitouch Log Browsing" poster | abstract
Jake Spitzer and Cal Singh
"Graphical Passwords Using Google Maps" abstract
Steven Glowacki and Joshua Gminski
"Detecting Cloned Portions of Images" poster | abstract
Serguei Mokhov, Joey Paquet and Mourad Debbabi
"The Need to Support of Data Flow Graph Visualization of Forensic Lucid Programs, Forensic Evidence, and their Evaluation by GIPSY" poster | abstract

Keynote Speaker

Richard Bejtlich, GE

Is Security Visualization Useful in Production?

Is there is a disconnect between security visualization in theory and practice? In this keynote, Richard Bejtlich discussed the strengths and weaknesses of using security visualization in the enterprise. For example, why do analysts consistently refer to traditional displays, despite nearly ten years of work in the visualization arena? Why are most security products so limited when rendering data? What must be done to change this situation? Richard explored these topics based on experiences as Principal Technologist and Director of Incident Response for General Electric.

Richard Bejtlich is Director of Incident Response for General Electric, and serves as Principal Technologist for GE's Global Infrastructure Services division. Prior to GE, Richard operated TaoSecurity LLC as an independent consultant, protected national security interests for ManTech Corporation's Computer Forensics and Intrusion Analysis division, investigated intrusions as part of Foundstone's incident response team, and monitored client networks for Ball Corporation. Richard began his digital security career as a military intelligence officer at the Air Force Computer Emergency Response Team (AFCERT), Air Force Information Warfare Center (AFIWC), and Air Intelligence Agency (AIA). Richard is a graduate of Harvard University and the United States Air Force Academy. He wrote "The Tao of Network Security Monitoring" and "Extrusion Detection", and co-authored "Real Digital Forensics". He also writes for his blog ( and, and teaches for Black Hat.

The International Symposium on Visualization for Cyber Security (VizSec) is a forum that brings together researchers and practitioners in information visualization and cyber security to address the specific needs of the cyber security community through new and insightful visualization techniques. Co-located this year with the Symposium on Recent Advances in Intrusion Detection (RAID), the 7th VizSec will continue to provide opportunities for the two communities to collaborate and share insights into providing solutions for security needs through visualization approaches. Accepted papers will appear in the ACM Digital Library as part of the ACM International Conference Proceedings Series.

This year our focus is on understanding what makes effective visual interfaces for different cyber security tasks. This involves both advancing our understanding of what cyber security tasks are, and improving our understanding of what it means for a security visualization to be effective. Cyber security visualization tasks cover a wide range, including (but not limited to) acquiring situational awareness in massive datasets; analyzing data from disparate sources during incident handling; producing actionable reports for others; modelling the behaviour of systems; and predicting future events. Understanding the effectiveness of a cyber security visualization is not limited only to the usability of the interface itself, but, perhaps even more importantly, to the assessment of how the visualization advances security goals. Barriers confronting current researchers include understanding the tasks where visualization can be effective, concerns about available data for both usability and effectiveness assessment, lack of a common agreement about what constitutes sound experimental design, and the difficulties of measuring the relative effectiveness of security visualizations in practice. Additionally, discussions at VizSec 2009 raised the question about what role a science-based approach ought to play in the conjunction of visualization and security. While many researchers are making progress in these and other critical areas, much work remains.

Technical Papers

Full and short papers, poster abstracts and panel abstracts offering novel contributions in security visualization are solicited. Papers may present technique, applications, practical experience, theory, or experiments and evaluations. Papers are encouraged on technologies and methods that have been demonstrated to be useful for improving information systems security and that address lessons from actual application. We encourage papers that report results on visualization techniques and systems in solving all aspects of cyber security problems, including how visualization applies to:

Accepted papers and abstracts will appear in the ACM Digital Library. The program committee will select an accepted paper to receive the VizSec 2010 best paper award. A key element of the best paper selection process will be whether the results are believed to be repeatable by other scientists based on the algorithms and data provided in the paper.

General Chair
John Gerth, Stanford University
Program Chair
Dino Schweitzer, United States Air Force Academy
Publications Chair
John Goodall, Secure Decisions division of Applied Visions Inc.
Local Chair
Grant Vandenberghe, Defence Research and Development Canada
Local Co-Chair
Frédéric Massicotte, Communications Research Centre Canada
Emeritus Chair
Deb Frincke, Pacific Northwest National Laboratory

Program Committee