The 9th International Symposium on Visualization for Cyber Security was held in Seattle, Washington, USA on October 15, 2012. VizSec brought together researchers and practitioners in information visualization and security to address the specific needs of the cyber security community through new and insightful visualization techniques. The keynote speaker was Raffael Marty.

VizSec was held in conjunction with VisWeek.

The proceedings are in the ACM Digital Library.

Program Schedule

7:30 – 8:30

Breakfast and Registration

8:30 - 8:45

Dino Schweitzer, VizSec General Chair : Welcome

8:45 – 9:45

Raffael Marty - Keynote : Security Visualization - Let's Take a Step Back

9:45 – 10:10

Best Paper

• Florian Mansmann, Timo Göbel, and William Cheswick : Visual Analysis of Complex Firewall Configurations

10:10 – 10:30

Break

10:30 – 12:10

Paper Session 1

• Wenbin Fang, Barton P. Miller, and James A. Kupsch : Automated Tracing and Visualization of Software Security Structure and Properties
• Robert Erbacher : Visualization Design for Immediate High-Level Situational Awareness
• Lane Harrison, Riley Spahn, Mike Iannacone, Evan Downing, and John R. Goodall : NV: Nessus Vulnerability Visualization for the Web

12:10 – 2:00

Lunch

2:00 – 3:40

Paper Session 2

• Joshua Saxe, David Mentis, and Chris Greamo : Visualization of Shared System Call Sequence Relationships in Large Malware Corpora
• Wei Zhuo and Yacin Nadji : MalwareVis: Entry-based Visualization of Malware Network Traces
• Timothy Leschke and Alan Sherman : Change-Link: A Digital Forensic Tool for Visualizing Changes to Directory Trees
• Sophie Engle and Sean Whalen : Visualizing Distributed Memory Computations with Hive Plots

3:40 – 4:15

Break

4:15 – 5:55

Paper Session 3

• Orestis Tsigkas, Olivier Thonnard, and Dimitrios Tzovaras : Visual Spam Campaigns Analysis Using Abstract Graphs Representation
• Daisuke Inoue, Koei Suzuki, Mio Suzuki, Masashi Eto, and Koji Nakao : DAEDALUS-VIZ: Novel Real-time 3D Visualization for Darknet Monitoring-based Alert System
• Fabian Fischer, Johannes Fuchs, Pierre-Antoine Vervier, Florian Mansmann, and Oliver Thonnard : VisTracer: A Visual Analytics Tool to Investigate Routing Anomalies in Traceroutes
• Rafael Veras, Julie Thorpe, and Christopher Collins : Visualizing Semantics in Passwords: The Role of Dates

Papers

Florian Mansmann, Timo Göbel, and William Cheswick

Visual Analysis of Complex Firewall Configurations

Wenbin Fang, Barton P. Miller, and James A. Kupsch

Automated Tracing and Visualization of Software Security Structure and Properties

Robert Erbacher

Visualization Design for Immediate High-Level Situational Awareness

Lane Harrison, Riley Spahn, Mike Iannacone, Evan Downing, and John R. Goodall

NV: Nessus Vulnerability Visualization for the Web

Joshua Saxe, David Mentis, and Chris Greamo

Visualization of Shared System Call Sequence Relationships in Large Malware Corpora

Wei Zhuo and Yacin Nadji

MalwareVis: Entry-based Visualization of Malware Network Traces

Timothy Leschke and Alan Sherman

Change-Link: A Digital Forensic Tool for Visualizing Changes to Directory Trees

Sophie Engle and Sean Whalen

Visualizing Distributed Memory Computations with Hive Plots

Orestis Tsigkas, Olivier Thonnard, and Dimitrios Tzovaras

Visual Spam Campaigns Analysis Using Abstract Graphs Representation

Daisuke Inoue, Koei Suzuki, Mio Suzuki, Masashi Eto, and Koji Nakao

DAEDALUS-VIZ: Novel Real-time 3D Visualization for Darknet Monitoring-based Alert System

Fabian Fischer, Johannes Fuchs, Pierre-Antoine Vervier, Florian Mansmann, and Oliver Thonnard

VisTracer: A Visual Analytics Tool to Investigate Routing Anomalies in Traceroutes

Rafael Veras, Julie Thorpe, and Christopher Collins

Visualizing Semantics in Passwords: The Role of Dates

Keynote Speaker

Raffael Marty

Security Visualization - Let's Take a Step Back

Raffael Marty is a SaaS business expert, data visualization practitioner, and security data analyst. Raffael is the founder and ceo of pixlcloud, a visual analytics company. Prior, he co-founded Loggly, a cloud-based log management company. He has been a long term data analysis and visualization enthusiast and has spent a lot of time building and defining the security visualization space through open source tools, writing books, a number of papers, and speaking at conferences around the world. He is frequently consulting as an industry expert in all aspects of log analysis, computer security, and data visualization. Raffy has held various positions in the log management space at companies like Splunk, ArcSight, and IBM research where he also earned his masters in computer science. In addition to visualization, big data analysis, and computer security, Raffy is working with a number of startups and finds peace in zen meditation.

The International Symposium on Visualization for Cyber Security (VizSec) is a forum that brings together researchers and practitioners from academia, government, and industry to address the needs of the cyber security community through new and insightful visualization techniques. Co-located this year with VisWeek, the 9th VizSec will provide new opportunities for the usability and visualization communities to collaborate and share insights on a broad range of security-related topics. Accepted papers will appear in the ACM Digital Library as part of the ACM International Conference Proceedings Series.

Important research problems often lie at the intersection of disparate domains. Our focus is to explore effective, scalable visual interfaces for security domains, where visualization may provide a distinct benefit, including computer forensics, reverse engineering, insider threat detection, cryptography, privacy, preventing 'user assisted' attacks, compliance management, wireless security, secure coding, and penetration testing in addition to traditional network security. Human time and attention are precious resources. We are particularly interested in visualization and interaction techniques that effectively capture human analyst insights so that further processing may be handled by machines, freeing the analyst for other tasks. For example, a malware analyst might use a visualization system to analyze a new piece of malicious software and then facilitate generating a signature for future machine processing. When appropriate, research that incorporates multiple data sources, such as network packet captures, firewall rule sets and logs, DNS logs, web server logs, and/or intrusion detection system logs, is particularly desirable.

Technical Papers

Full papers offering novel contributions in security visualization are solicited. Papers may present techniques, applications, practical experience, theory, analysis, or experiments and evaluations. We encourage papers on technologies and methods that have been demonstrated to be useful for improving cyber security practices, including but not limited to:

• Situational awareness / understanding
• Incident handling including triage, exploration, correlation, and response
• Computer forensics
• Recording and reporting results of investigation
• Reverse engineering and malware analysis
• Privacy
• Multiple data source analysis
• Analyzing information requirements for computer network defense
• Evaluation / User testing of VizSec systems
• Criteria for assessing the effectiveness of cyber security visualizations (whether from a security goal perspective or a human factors perspective)
• Modeling system and network behavior
• Modeling attacker and defender behavior
• Studying risk and impact of cyber attacks
• Predicting future attacks or targets
• Security metrics and education
• Lessons learned

Accepted papers will appear in the ACM Digital Library two weeks prior to the conference. The program committee will select an accepted paper to receive the VizSec Best Paper award. A key element of the best paper selection process will be whether the results are believed to be repeatable by other scientists based on the algorithms and data provided in the paper.

Awards

There will be an award for the best paper from the accepted program. The best paper award will be given to the paper judged to have the highest overall quality. A key element of the best paper selection process will be whether the results are believed to be repeatable by other scientists based on the algorithms and data provided in the paper. This award will be chosen by the program committee.

Data

If you do not have real-world data to demonstrate your visualization, you may be interested in looking at, and perhaps submitting an entry, for this year's VAST Challenge.

Last year's challenge also had cybersecurity data if you are looking for additional data.

General Chair

Dino Schweitzer, United States Air Force Academy

Program Chair

Daniel Quist, MIT Lincoln Laboratory

Publications Chair

John Goodall, Oak Ridge National Laboratory

Program Committee

• David Barrera, Carleton University
• Richard Bejtlich, TaoSecurity
• Greg Conti, US Military Academy at West Point
• Ron Dilley, UberAdmin
• David Ebert, Purdue University
• Alex Endert, Virginia Tech
• Rob Erbacher, Army Research Laboratory
• Carrie Gates, CA Technologies
• John Gerth, Stanford University
• Mark Haselkorn, University of Washington
• Tyler Hudak, KoreLogic Security
• Kohlhammer Jörn, Fraunhofer IGD
• Florian Mansmann, Universität Konstanz
• Raffael Marty, PixlCloud
• Jan Monsch, Google
• Joe Parry, Cambridge Intelligence
• Stephen North, AT&T
• Teryl Taylor, University of North Carolina
• Olivier Thonnard, Symantec
• Joanne Treurniet, Defence Research and Development Canada
• Kirsten Whitley, Department of Defense
• Pak Chung Wong, Pacific Northwest National Laboratory
• Anatoly Yelizarov, Lomonosov Moscow State University
• Tamara Yu, MIT Lincoln Laboratory
• Daniel Best, Pacific Northwest National Laboratory