Visual Analytics for Cyber Security Domain: State-of-the-Art and Challenges

Visual Analytics is a complex sub-field of data analytics that concentrates on the use of information visualization methods to facilitate effective analysis of data through visual and graphical representation. In the cyber security domain, effective visualization of data allows domain analysts to infer valuable insights that enable them to construct successful strategies to mitigate cyber attacks and provide decision support. We survey the state of the art in the cyber security domain, analyze the main challenges, and discuss future trends. We summarize a large number of cyber security and digital forensics visualization works using the Five Question Method, the Five W's and How (Why, Who, What, How, When, and Where) approach, as a methodological background. We analyze the works using J. Bertin's Semiotic Theory of Graphics and the VIS4ML ontology as a theoretical foundation of visual analytics. As a result, we formulate the main challenges for the future development of this area of research.
