Retrospective on a decade of research in visualization for cybersecurity

Over the past decade, the visualization for cybersecurity (VizSec) research community has adapted many information visualization techniques to support the critical work of cyber analysts. While these efforts have yielded many specialized tools and platforms, the community lacks a unified approach to the design and implementation of these systems. In this work, we provide a retrospective analysis of the past decade of VizSec publications, with an eye toward developing a more cohesive understanding of the emerging patterns of design at work in our community. We identify common thematic groupings among existing work, as well as several interesting patterns of design around the utilization of various visual encodings. We also discuss existing gaps in the adaptation of information visualization techniques to cybersecurity applications, and recommend avenues for future exploration.
