Magnifying glassVizSec 2020

Welcome to 17th IEEE Symposium on Visualization for Cyber Security

VizSec 2020 will be held in conjunction with IEEE VIS. VizSec brings together researchers and practitioners in information visualization and security to address the specific needs of the cyber security community through new and insightful visualization techniques.

To register for VizSec, see the IEEE VIS registration page.

Questions? Please email for questions regarding VizSec 2020.


All timeslots are Mountain Time Zone (USA), UTC−07:00.

Opening, Keynote, Best Paper

08:00 - 08:10
Opening Presentation by Jörn Kohlhammer
08:10 - 09:00
Keynote address by Joshua Saxe, Sophos. Please see below for the full abstract and bio.
09:00 - 09:05
Best Paper Introduction by Marco Angelini
09:05 - 09:30
Best Paper A Visualization Interface to Improve the Transparency of Collected Personal Data on the Internet by Marija Schufrin, Steven Lamarr Reynolds, Arjan Kuijper, Jörn Kohlhammer Best Paper, Featured in TVCG
09:30 - 09:45

Network analysis and Incident response, Practitioner Talks
moderated by Lane Harrison

10:00 - 10:20
Exploratory Analysis of File System Metadata for Rapid Investigation of Security Incidents by Michal Beran, František Hrdina, Daniel Kouřil, Radek Ošlejšek, Kristina Zakopcanova
10:20- 10:40
Improving Interpretability for Cyber Vulnerability Assessment Using Focus and Context Visualizations by Kenneth Alperin, Dr Allan Wollaber, Dr. Steven R Gomez
10:40 - 10:50
Practitioner Talk 1 by Leo Meyerovich (Graphistry)
10:50 - 11:00
Practitioner Talk 2 by Robert Gove (Two Six Labs)
11:00 - 11:10
Practitioner Talk 3 by Younghoo Lee (Sophos)
11:10 - 11:30
Q&A for Practitioners by Leo Meyerovich, Robert Gove, and Younghoo Lee
11:30 - 12:00

Short Papers, Posters and Closing
moderated by Chris Bryan

12:00 - 12:20
Visualization for Spectators in Cybersecurity Competitions by Chao Peng, David Schwartz, Daryl Johnson Johnson, Bill Stackpole, Chad Weeden, Jacob Marcovecchio, Drake Richards, Chris Fogle, Christopher Brown, Victoria Walrond
12:20 - 12:35
Malware vs Anti-Malware Battle - Gotta Evade ‘em All by Emily J Chaffey, Dr Daniele Sgandurra
12:35 - 12:50
Interpretable Visualizations of Deep Neural Networks for Domain Generation Algorithm Detection by Franziska Becker, Arthur Drichel, Christoph Müller, Thomas Ertl
12:50 - 13:00
Poster Booster Session by Sean McKenna
13:00 - 13:10
Closing by Jörn Kohlhammer
13:10 - 13:30


Poster Session

The remote, interactive poster session will be held with the main IEEE VIS poster session on Wednesday, October 28th at 1:30-2:30 PM Mountain Time (USA). Accepted posters are:

Arcus Internet Disruption Dashboard and Report by Violet Lingenfelter, Robert Gove, Chae Clark, Anthony C Wong    Best Poster

Visualization for Cyber Security and Security Analysts’ Use of Visualizations: Is There a Gap? by Noëlle Rakotondravony, Lane Harrison

Visually Evaluating Courses of Action in a Contested Network Environment by Benjamin Blease, Jaime D Peña, Kenneth Alperin, Leslie Shing, Dr Allan Wollaber


Joshua Saxe

Joshua Saxe

Where visualization fits in the new cybersecurity landscape

The environment in which we practice cybersecurity has changed. Once the province of on-premise desktops and servers, organizations' IT infrastructure now consists of laptops, phones, software-as-a-service applications, and cloud servers, with this new environment creating new attack surfaces, and obviating old security technologies. Indeed, old product categories, like firewalls, are becoming less important, as traditional networks change, and new product categories, like endpoint detection and response products, have become central, as cybersecurity practitioners move to actively hunt for adversaries.

As visual analytics researchers, we need to understand and embrace this emerging IT and cybersecurity paradigm, designing our programs of research accordingly. But how do we do this without leaving the lessons of three decades of cyber visual analytics research behind? And how do we identify enduring problems that will survive continuing change in our problem space? My keynote will address these questions, describing the direction of the security product landscape and the accompanying new high impact research problems our field, all while keeping a view to what past experience can teach us about new problems.


Joshua Saxe is Chief Scientist at Sophos, where he leads the company's machine learning research, development, and operations. Joshua is also the author, with Hillary Sanders, of Malware Data Science, from No Starch Press, and is a frequent speaker at major security conferences. Before joining Sophos, Joshua spent 5 years leading DARPA funded cybersecurity research projects for the US government.

Diversity Scholarships

Thanks to the generous donations of our sponsors, we are delighted to announce that we will be offering several VizSec 2020 Diversity Scholarship awards to help cover the costs of full week registration.

Application Process

VizSec attendees may apply for the scholarships at:

VizSec 2020 Call for Papers

The 17th IEEE Symposium on Visualization for Cyber Security (VizSec) is a forum that brings together researchers and practitioners from academia, government, and industry to address the needs of the cyber security community through new and insightful visualization and analysis techniques. VizSec provides an excellent venue for fostering greater exchange and new collaborations on a broad range of security- and privacy-related topics. VizSec will be held in conjunction with IEEE VIS, on Wednesday, October 28th 2020.

VizSec will take place during the main week of the IEEE VIS conference, giving VizSec authors and attendees enhanced access to IEEE VIS, the premier forum for advances in theory, methods, and applications of visualization and visual analytics. The purpose of VizSec is to explore effective and scalable visual interfaces for security domains such as network security, computer forensics, reverse engineering, insider threat detection, cryptography, privacy, user assisted attacks prevention, compliance management, wireless security, secure coding, and penetration testing.

Technical Papers

Full papers describing novel contributions in security visualization are solicited. Papers may present techniques, applications, theory, analysis, experiments, or evaluations. We encourage the submission of papers on technologies and methods that promise to improve cyber security practices, including, but not limited to:

  • Situation awareness and/or understanding
  • Incident handling including triage, exploration, correlation, and response
  • Computer forensics
  • Machine learning and explainable AI for cybersecurity
  • Adversarial machine learning visualization
  • Adversarial visualization
  • Visual analytics for cybersecurity
  • Data protection & privacy
  • Blockchain performance & security
  • Cybersecurity in critical infrastructure
  • Recording and reporting results of investigations
  • Assisting proactive security configuration and deployment
  • Reverse engineering and malware analysis
  • Vulnerability management
  • Multiple data source analysis
  • Analyzing information requirements for computer network defense
  • Evaluation and/or user testing of VizSec systems
  • Criteria for assessing the effectiveness of cyber security visualizations (whether from a security goal perspective or a human factors perspective)
  • Modeling system and network behavior
  • Modeling attacker and defender behavior
  • Studying risk and impact of cyber attacks
  • Predicting future attacks or targets
  • Security metrics
  • Software security
  • Mobile application security
  • Social networking privacy and security
  • Training & educationn

When applicable, visualization and interaction techniques that effectively capture the insights of human analysts and/or allow analysts to collaborate efficiently are particularly desirable.

Submissions including tests and evaluations of existing tools and techniques are also considered particularly desirable. If possible, making the data used for the tests available will also be considered positively. If you do not have real-world data to demonstrate your visualization, you may be interested in looking at the VizSec dataset links.

Short Papers

Short papers describing initial research results, concise research contributions or incremental work on the above topics, even including practical applications of security visualization, are solicited. We encourage the submission of papers discussing the introduction of cyber security visualizations into operational context, including, but not limited to:

  • Cases where visualization made positive contributions towards meeting operational needs
  • Gaps or negative outcomes from visualization deployments
  • Situations where visualization was not utilized, but could have had a positive impact
  • Lessons learned from operational engagements
  • Insights gained from the transition process

Cyber security practitioners from industry, as well as the research community, are encouraged to submit case studies.

Position Papers

This year we are introducing a new VizSec paper type of position papers. Position papers focus on topics needing or calling for discussion or reconsideration of forgotten topics relevant for the VizSec community. They should report a clear position on the target topic and should also suggest a proposal or actions regarding the target topic. They should stimulate imaginative and hypothesis-driven research. In particular, we encourage submissions both from researchers inside the visualization community and outside, such as researchers and practitioners from pure cybersecurity domains who currently do not broadly employ visualization in their work.


Poster submissions may showcase late-breaking results, work in progress, preliminary results, or visual representations relevant to the VizSec community. The poster program will be a great opportunity for the authors to interact with the attendees, potentially also through live demos, and solicit feedback. Accepted poster abstracts will be made available on this website.


There will be an award for the best paper from the accepted program. This award will be given to the paper judged to have the highest overall quality as determined by the program committee. Key elements of the selection process include whether papers include evaluation, repeatable results, and open-source data or software. Authors of the best paper will be invited for submission to Transactions on Visualization and Computer Graphics. Both full and short papers are eligible.

There will also be an award for Best Poster. This award will recognize authors’ efforts to clearly present their work to the audience. The award will be determined by anonymous judges and given to recipients at the end of the conference.


The VizSec 2020 Proceedings will be published by IEEE. Submissions must be formatted using the IEEE VGTC conference proceedings template that can be found at:

VizSec full papers are limited to 9 pages of content plus an additional 2 pages of references. Papers may be shorter than this but must make a similar contribution to a longer paper. Reviewers are not required to read the appendices or any pages past the maximum. Short papers should be at most 4 pages plus 1 page of references. Position papers may be up to 4 total pages including references. Posters should be 2 page abstracts.

Submissions not meeting these guidelines will be rejected without consideration of their merit. Reviews are single-blind, so authors may include names and affiliations in their submissions. Submitted papers must not substantially overlap papers that have been published or that are simultaneously submitted to a journal or a conference with proceedings. Authors of accepted papers must guarantee that their papers will be presented at the conference.

VizSec uses the Precision Conference System (PCS) to handle paper and poster submissions and the reviewing processes.

Important Dates

All deadlines are 5:00 PM PST.

July 22 2020 (Extended!) Submissions due for Full, Short, and Position Papers

August 15 2020 Author notification for Full, Short, and Position Papers

August 31 2020 Camera ready submission and copyright forms

August 20 2020 Submissions due for Poster Abstracts

September 3 2020 Author notification for Posters

October 28 2020 VizSec 2020


Organizing Committee

Program Committee

  • Marco Angelini Sapienza University of Rome
  • Dustin Arendt Pacific Northwest National Laboratory
  • Daniel Best Pacific Northwest National Laboratory
  • Andrea Brennen I-Q-T
  • Chris Bryan Arizona State University
  • Bram Cappers University of Technology Eindhoven
  • Siming Chen Fraunhofer IAIS
  • Sophie Engle University of San Francisco
  • John Gerth Stanford University
  • Steven Gomez MIT
  • John Goodall Oak Ridge National Laboratory
  • Robert Gove Two Six Labs
  • Lane Harrison Worcester Polytechnic Institute
  • Christopher Humphries INRIA
  • Jörn Kohlhammer Fraunhofer IGD
  • Philip Legg University of the West of England
  • Laetitia Leichtnam CentraleSupélec
  • Frédéric Majorczyk DGA-MI
  • Raffael Marty Forcepoint
  • Chris Muelder Linked In
  • Stephen North Infovisible
  • Dipakkumar Pravin University of North Texas
  • Nicolas Prigent LSTI
  • Rosa Romero-Gómez Uncharted Field Services Corporation
  • Dennis Ross MIT
  • Noëlle Rakotondravony Worcester Polytechnic Institute
  • Giuseppe Santucci University of Rome "La Sapienza"
  • Christopher Simpson National University
  • Alison Smith-Renner University of Maryland, College Park
  • Awalin Sopan Sophos
  • Diane Staheli MIT Lincoln Laboratory
  • Sebastien Tricaud Devo
  • David Trimm U.S. Department of Defense
  • Xumeng Wang State Key Lab of CAD&CG, Zhejiang University

Steering Committee

  • Dustin Arendt Pacific Northwest National Laboratory
  • Dan Best Herjavec Group
  • Sophie Engle University of San Francisco
  • Robert Gove Two Six Labs
  • Lane Harrison Worcester Polytechnic Institute
  • Diane Staheli MIT Lincoln Laboratory