STARLORD: Linked security data exploration in a 3D graph

In this paper, we present a novel model and visualization approach for heterogeneous sources of data. We represent our data by using a model inspired by STIX. Then, we use clustering algorithms to select interesting information to explore in a visualization panel. The visualization is based on a 3D graph representation that highlights the link between malicious event and allows to focus on relevant security artifacts. We illustrate our approach with two case studies using datasets containing network capture of the wannacry attack.