Magnifying glassVizSec 2018

Welcome to 15th IEEE Symposium on Visualization for Cyber Security

VizSec 2018 will be held in Berlin, Germany in conjunction with IEEE VIS on Monday October 22nd. VizSec brings together researchers and practitioners in information visualization and security to address the specific needs of the cyber security community through new and insightful visualization techniques.

Questions? Please email for questions regarding VizSec 2018.


9:00 9:15am

Opening Remarks
Remarks by Diane Staheli

9:15 10:15am

Keynote Address
Introduced by Diane Staheli

Forever Failing - Why infosec is still not here by Dr. Sandro Gaycken, Director of the Digital Society Institute ESMT, Berlin, Germany

Please see below for the full abstract and bio.

10:15 10:40am

VizSec Poster and Demo Fast Forward
Moderated by Jörn Kohlhammer

Please see below for a list of accepted posters.

10:40 11:00am Break
11:00 12:40pm

Paper Session: Networks and Privacy
Moderated by Sophie Engle

Visual-Interactive Identification of Anomalous IP-Block Behavior Using Geo-IP Data by Alex Ulmer, Marija Schufrin, David Sessler, Jörn Kohlhammer  

Looking for a Black Cat in a Dark Room: Security Visualization for Cyber-Physical System Design and Analysis by Georgios Bakirtzis, Brandon James Simon, Cody H Fleming, Carl R. Elks  

Visual Analytics for Root DNS Data by Eric Krokos, Alexander R Rowden, Kirsten Whitley, Amitabh Varshney  

An Empirical Study on Perceptually Masking Privacy in Graph Visualizations by Jia-Kai Chou, Chris Bryan, Jing Li, Kwan-Liu Ma  

12:40 2:20pm Lunch Break
1:00 2:00pm

Birds-of-a-Feather Lunchtime Discussion: “Transition: The Power of Adaptation and Accommodation”
Led by Awalin Sopan, FireEye, Inc.

Technology around us is constantly evolving, so is our surroundings. While people from underrepresented group often go through more changes when they are reaching for success, change is something we all can related to. Being in a highly interdisciplinary field, we have much to share about how we can navigate the changes around us. We will see technological and demographic shift, and we ourselves will change over time. A large population vulnerable to cyber-threat are not in that position because their passwords were hacked, but because of their belief in the internet, may it be fake news or bot-accounts. How can we utilize our experience with transition to empathize with more people, and design a more successful career for ourselves and better products as well?

2:20 3:35pm

Paper Session: Analytics
Moderated by John Goodall

Building a Machine Learning Model for the SOC, by the Input from the SOC, and Analyzing it for the SOC by Awalin, Sopan, Matthew Berninger, Murali Kiran Mulakaluri, Raj Katakam  

Visualizing Automatically Detected Periodic Network Activity by Robert Gove, Lauren Deason  

Crush your data with ViC^2ES then CHISSL away by Dustin L Arendt, Lyndsey Franklin, Fumeng Yang, Brooke Brisbois, Ryan LaMothe  

3:35 4:00pm Demos
4:00 4:20pm Break
4:20 5:10pm

Paper Session: Malware Analysis
Moderated by Jörn Kohlhammer

ROPMate: Visually Assisting the Creation of ROP-based Exploits by Marco Angelini, Graziano Blasilli, Pietro Borrello Borrello, Emilio Coppa, Daniele Cono D'Elia, Serena Ferracci, Simone Lenti, Giuseppe Santucci Best Paper  
Best Paper Award Sponsored by Two Six Labs.

Eventpad: Rapid Malware Analysis and Reverse Engineering using Visual Analytics by Bram Cappers, Paulus N. Meessen, Sandro Etalle, Jarke van Wijk  

5:10 5:50pm

Paper Session: Short Papers
Moderated by Robert Gove

User Behavior Map: Visual Exploration for Cyber Security Session Dat by Siming Chen, Shuai Chen, Natalia Andrienko, Gennady Andrienko, Phong H. Nguyen, Cagatay Turkay, Olivier Thonnard, Xiaoru Yuan  

TAPESTRY: Visualizing Interwoven Identities for Trust Provenance by Yifan Yang, John Collomosse, Arthi Kanchana Manohar, Jo Briggs, Jamie Steane  


Closing Remarks
Diane Staheli


Dr Sandro Gaycken

Dr Sandro Gaycken
Senior Researcher and Director of the Digital Society Institute
ESMT Berlin


Dr Sandro Gaycken is founder and director of the Digital Society Institute at ESMT Berlin. He has published five scientific monographs, three on cyberwarfare, and more than 60 other scientific publications on cybersecurity. Sandro is an Oxford Martin School Fellow, a program committee member of Harvard-MIT’s annual conference series on cyber defense and cyber norms, a Senior Advisor for the AI Initiative at Harvard Kennedy School, co-lead “Programme Transverse Sécurité Défense, Sec. Cybersecurity” at elite French university CNAM, an EastWest Senior Fellow, a Senior Fellow of the German Council on Foreign Relations, a member of the Conversation Circle Intelligence Services in Germany, and an IEEE permanent reviewer. As an advisor to the German government, he developed the German foreign cyber policy strategy, testified numerous times in German parliament, and conducted many parliamentary dialogues. He was instrumental in bringing about the German chancellory’s German-Chinese No-Spy agreement, in the White House USTR’s effort to mitigate industrial espionage, and in IAEA and G8 efforts to control nuclear cybersecurity. In cyber military affairs, Sandro served as part of the German MoD’s cyber defense white book process, and moderated interdepartmental cyber coordination efforts. He serves as an expert witness in NATO military cyber counterintelligence cases, and as director in NATO’s SPS program, which develops and implements national cyberdefense strategies and technologies in the Middle East region. As an industrial advisor, Sandro has conducted nine major industry studies, ranging from smartgun and semiconductor component security assessments to strategic industry development issues. He advises large German cyber investors such as ammer!partners and Allianz ventures, developed Allianz’s cyber risk assessment methodology, and produced a buyer’s guide for the German DIHK and SME community, which lists 120 external criteria to assess the security quality of an IT-product. Sandro also founded the high assurance security company SECURE ELEMENTS Ltd., which offers impenetrable embedded systems and highly secure execution environments. Devoted to an open discourse and public enlightenment, he writes frequent op-eds in leading German newspapers like Handelsblatt, FAZ, Süddeutsche, and DIE ZEIT, and he comments regularly on cyber matters on mainstream media outlets such as Tagesschau, Heute, NTV, N24, CNN, BBC, Bloomberg, Forbes, The Economist, The Guardian, The Times, Wired, Vanity Fair, and Al Jazeera.


poster viewing will be in the Foyers room on Wednesday 5:20-7:00 PM during the main VIS power session

  • Doing User Behaviour Analytics through Interactive Visual User Profiles by Phong H. Nguyen, Siming Chen, Natalia Andrienko, Gennady Andrienko, Olivier Thonnard, Cagatay Turkay

  • Designing Visualisation Enhancements for SIEM Systems by Phong H. Nguyen, Siming Chen, Natalia Andrienko, Michael Kamp, Linara Adilova, Gennady Andrienko, Olivier Thonnard, Alysson Bessani, Cagatay Turkay

  • Visual Content Privacy Leaks on Social Media Networks by Jasmine DeHart, Christan Grant

  • Email Campaign Explorer for Detecting Malicious Email Campaigns by Awalin Sopan, Parnian Najafi

  • A Set Visualization Tool for Network Metadata Exploration and Threat Hunting by Brett Fouss, Dennis Ross, Shannon Robinson, Kenneth Alperin

  • Exploring the role of experts’ knowledge in visualizations for cyber security by Fabian Böehm, Noëlle Rakotondravony, Günther Pernul, Hans P. Reiser

  • Towards Bridging the Gap Between Visual Cybersecurity Analytics and Non-Experts by Means of User Experience Design by Marija Schufrin, Alex Ulmer, David Sessler, Jörn Kohlhammer

  • Multi-layer Onion-ring Visualization of Distributed Clusters for SmartX Multiview Visibility and Security by Jun-Sik Shin, Muhammad Usman, JongWon Kim

  • An Exploration of User Centered and System Based Approaches to Cyber Situation Awareness by Margaret Varga, Carsten Winkelhotz, Susan Träeber-Burdin

  • Visualizing Remote Network Reactions with Firewall Probe by Hyuga Kobayashi, Hideya Ochiai, Hiroshi Esaki

  • Heterogeneous Logs Graph Visualization and Clustering for Attack Traces Discovery by Laetitia Leichtnam, Éric Totel, Nicolas Prigent, Ludovic Mé

  • Call for Papers

    The 15th IEEE Symposium on Visualization for Cyber Security (VizSec) brings together researchers and practitioners from academia, government, and industry to address the needs of the cyber security community through new and insightful visualization and analysis techniques. VizSec provides an excellent venue for fostering greater exchange and new collaborations on a broad range of security- and privacy-related topics. VizSec will be held in Berlin, Germany in conjunction with IEEE VIS, on Monday, October 22nd, 2018.

    VizSec explores effective and scalable visual interfaces for security domains such as network security, computer forensics, reverse engineering, insider threat detection, cryptography, privacy, user assisted attacks prevention, compliance management, wireless security, secure coding, and penetration testing.

    VizSec solicits both full and short papers, both of which will be published in the proceedings that will be published by IEEE. Authors of accepted papers must guarantee that their papers will be presented at the conference.

    Technical Papers

    Full papers describing novel contributions in security visualization are solicited. Papers may present techniques, applications, theory, analysis, experiments, or evaluations. We encourage the submission of papers on technologies and methods that improve cyber security practices, including, but not limited to:

    • Situation awareness and/or understanding
    • Incident handling including triage, exploration, correlation, and response
    • Computer forensics
    • Recording and reporting results of investigations
    • Assisting proactive security configuration and deployment
    • Reverse engineering and malware analysis
    • Vulnerability management
    • Multiple data source analysis
    • Analyzing information requirements for computer network defense
    • Evaluation and/or user testing of VizSec systems
    • Criteria for assessing the effectiveness of cyber security visualizations (whether from a security goal perspective or a human factors perspective)
    • Modeling system and network behavior
    • Modeling attacker and defender behavior
    • Studying risk and impact of cyber attacks
    • Predicting future attacks or targets
    • Security metrics and education
    • Software security
    • Mobile application security
    • Social networking privacy and security

    When applicable, visualization and interaction techniques that effectively capture the insights of human analysts and/or allow analysts to collaborate efficiently are particularly desirable.

    Submissions including tests and evaluations of existing tools and techniques are also considered particularly desirable. If possible, making the data used for the tests available will also be considered positively. If you do not have real-world data to demonstrate your visualization, you may be interested in looking at the VizSec Data Sets page.

    Short Papers

    Short papers describing practical applications of security visualization are solicited. We encourage the submission of papers discussing the introduction of cyber security visualizations into operational context, including, but not limited to:

    • Cases where visualization made positive contributions towards meeting operational needs
    • Gaps or negative outcomes from visualization deployments
    • Situations where visualization was not utilized, but could have had a positive impact
    • Lessons learned from operational engagements
    • Insights gained from the transition process

    Cyber security practitioners from industry, as well as the research community, are encouraged to submit case studies.


    Poster submissions may showcase late-breaking results, work in progress, preliminary results, or visual representations relevant to the VizSec community. The poster program will be a great opportunity for the authors to interact with the attendees and solicit feedback. Accepted poster abstracts will be made available on the VizSec website.


    There will be an award for the best paper from the accepted program. This award will be given to the paper judged to have the highest overall quality as determined by the program committee. Key elements of the selection process include whether papers include evaluation, repeatable results, and open-source data or software. Both full and short papers are eligible.

    Thanks to the generous support of Two Six Labs, the best paper awardee will receive a $100 Amazon gift card!


    The VizSec 2018 proceedings will be published by IEEE. Submissions must be formatted using the IEEE "Conference Style" template that can be found at:

    All submissions must be in PDF format.

    After logging in, click the submissions link on the top navigation bar. Select Society: VGTC, Conference: VizSec 2018

    Note Posters will be submitted via email instead of PCS. For more information, please see the Posters section below.


    Full Papers should be at most 8 pages including the bibliography and appendices. Short papers should be at most 4 pages including the bibliography and appendices.

    All papers will be peer-reviewed by at least 3 members of the program committee. Committee members are not required to read the appendices or any pages past the maximum. Submissions not meeting these guidelines will be rejected without consideration of their merit.

    Reviews are single-blind, so authors may include names and affiliations in their submissions. Submitted papers must not substantially overlap papers that have been published or that are simultaneously submitted to a journal or a conference with proceedings.


    To submit a poster, please email an extended abstract as a PDF attachment to and include the author names and affiliations in the email body. Extended abstract should be at most 2 pages including the bibliography. Poster abstracts will be reviewed by the Poster Chair(s) and other members of the organizing committee to determine relevance to the VizSec community.

    Accepted authors must present a corresponding poster during the workshop. The poster authors can determine the layout by themselves, but the dimensions of the posters should not exceed the A0 space (841mm x 1189mm or 33.1" x 46.8"). Additionally, poster authors are requested to give a brief oral preview during a plenary "fast forward" session.

    Accepted poster abstracts will be made available on this website.

    Diversity Scholarships

    Thanks to the generous donations of our sponsors, we are delighted to announce that we will be offering several VizSec 2018 Diversity Scholarship awards to help cover the costs of attending VizSec. This scholarship award covers full week registration plus a small stipend to help offset travel costs.

    Application Process

    All VizSec attendees may apply for the diversity scholarships except for those from a country on the OFAC sanctions list at:

    Applicants must submit a cover letter and curriculum vitae in PDF format. The cover letter should discuss your eligibility for this scholarship and how you would benefit from attending VizSec 2017. It should be no more than 2 pages (letter size) with at least 1 inch margins and 11pt or larger font.

    Applications will also be asked to answer the following questions:

    • Have you ever attended VizSec or VIS before? If so, when?
    • Are you currently a student? If so, please specify the degree and subject area you are working on, and where.
    • Are you from an underrepresented group in computer science? If so, please specify.
    • Please let us know your country or countries of citizenship, and the country and city you will be traveling from.

    To apply for this scholarship, login or create an account at:

    After logging in, click the "new submissions" link on the top navigation bar and look for the link for "Submit to VizSec 2018 Diversity Scholarship" in the list under the "VIS 2018" heading.

    The application deadline is August 22, 2018 at 5:00pm PDT. Awardees will be notified by September 04, 2018, and must register for the conference by the early registration deadline on September 7, 2018.

    Important Dates

    All deadlines are 5:00 PM PST.

    Call for Papers

    March 7, 2018 Call For Papers Open

    Papers and Short Papers

    July 22, 2018 Submission for Papers and Short Papers Extended
    August 15, 2018 Author Notification for Papers and Short Papers Updated
    August 24, 2017 Camera Ready Submission and Copyright Forms for Papers Updated


    August 29, 2018 Abstract Submission for Posters
    September 9, 2018 Author Notification for Posters


    August 22, 2018 Application for Diversity Scholarships
    September 4, 2018 Applicant Notification for Scholarships
    September 7, 2018 VizSec/VIS Early Registration Deadline


    Organizing Committee

    • Diane Staheli, General Chair Chair
      MIT Lincoln Laboratory
    • Celeste Lyn Paul, Program Co-Chair
      US Department of Defense
    • Jörn Kohlhammer, Program Co-Chair
      Fraunhofer IGD
    • Stoney Trent, Poster Chair
      United States Army
    • Daniel Best, Publications Chair
      Pacific Northwest National Laboratory
    • Nicolas Prigent, Publicity Chair
    • Robert Gove, Sponsorship Chair
      Two Six Labs
    • Graig Sauer, Web Chair
      US Department of Defense

    Program Committee

    • Marco Angelini Sapienza University of Rome
    • Dustin Arendt Pacific Northwest National Laboratory
    • Daniel Best Pacific Northwest National Laboratory
    • Lauren Bradel U.S. Department of Defense
    • Andrea Brennen In-Q-Tel
    • Laurin Buchanan Secure Decisions
    • Bram Cappers University of Technology Eindhoven (Tu/e)
    • Siming Chen Peking University
    • Ann Cox U.S. Department of Homeland Security
    • Sophie Engle University of San Francisco
    • Fabian Fischer University of Konstanz
    • Carrie Gates Securelytix
    • John Gerth Stanford University
    • Mohammad Ghoniem Luxembourg Institute of Science and Technology
    • Robert Gove Two Six Labs
    • Lane Harrison Worcester Polytechnic Institute
    • Christopher Humphries INRIA
    • Jörn Kohlhammer Fraunhofer IGD
    • Philip Legg University of the West of England
    • Timothy Leschke U.S. Department of Defense, Johns Hopkins University
    • Kristen Liggett Air Force Research Laboratory
    • Frédéric Majorczyk DGA
    • Raffael Marty Loggly
    • Sean McKenna University of Utah
    • Chris Muelder Google
    • Stephen North Infovisible, LLC
    • Celeste Paul U.S. Department of Defense, University of Maryland
    • Nicolas Prigent LSTI
    • Noëlle Rakotondravony Universität Passau
    • Rosa Romero-Gómez Uncharted Field Services Corporation
    • Giuseppe Santucci University of Rome "La Sapienza"
    • Graig Sauer U.S. Department of Defense, Towson University
    • Christopher Simpson National University
    • Awalin Sopan FireEye, Inc.
    • Diane Staheli MIT Lincoln Laboratory
    • Sebastien Tricaud Splunk
    • David Trimm University of Maryland, Baltimore County (UMBC)
    • Kirsten Whitley U.S. Department of Defense
    • Joseph Yuen Defence Science Technology Organisation


    • Two Six Labs

      Two Six Labs invents, prototypes and engineers breakthrough technologies for government and industry, with broad commitments in multiple areas of technological innovation. Two Six Labs' projects range from situational awareness interfaces for cyber operators to distributed sensor networks, from machine learning models that learn to reverse engineer malware to embedded devices that enable and protect our nation's warfighters.

      Open Position(s): Front End Software Engineer

    • PUNCH

      PUNCH is a boutique cyber-consulting firm that provides advanced analytics and strategic support to government and commercial clients. Our primary focus is in improving an organization’s awareness of and ability to manage a growing cyber threat environment. We focus on bolstering cyber preparedness by improving an organization’s analysts and the tools at their disposal.

      Open Position(s):

    • Fraunhofer IGD

      Fraunhofer IGD is one of the world’s leading institutes for applied research in Visual Computing, including computer graphics, computer vision, as well as virtual and augmented reality. We are part of Germany's largest research network on cyber-security for IT-based systems called CRISP, where IGD is responsible for user-centered visual analytics and biometric procedures.

      Open Position(s):

    • Data Machines Corp

      Data Machines Corp. is a small company dedicated to researching and advancing the state of the art in data analytics, multi-user cloud data analytic architectures, and large scale data processing pipelines.

      Open Position(s): Data Machines Jobs

    • FireEye

      FireEye is the leader in intelligence-led security-as-a-service. Working as a seamless, scalable extension of customer security operations, FireEye offers a single platform that blends innovative security technologies, nation-state grade threat intelligence, and world-renowned Mandiant® consulting. With this approach, FireEye eliminates the complexity and burden of cyber security for organizations struggling to prepare for, prevent, and respond to cyber attacks. FireEye has over 7,000 customers across 67 countries, including more than 45 percent of the Forbes Global 2000.

      Open Position(s):