Skip to main content
SpringerLink
Log in

Visual Analytics for Cyber Security Domain: State-of-the-Art and Challenges

  • Conference paper
  • First Online:
Information and Software Technologies (ICIST 2019)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 1078))

Included in the following conference series:

Abstract

Visual Analytics is a complex sub-field of data analytics that concentrates on the use of the information visualization methods for facilitating effective analysis of data by employing visual and graphical representation. In cyber security domain, Effective visualization of the data allows to infer valuable insights that enable domain analysts to construct successful strategies to mitigate cyber attacks and provide decision support. We perform a survey of the state-of-the-art in the cyber security domain, analyze main challenges and discuss future trends. We summarize a large number of cyber security and digital forensics visualization works using the Five Question Method of Five W’s and How (Why, Who, What, How, When, and Where) approach as a methodological background. We perform analysis of the works using J. Bertin’s Semiotic Theory of Graphics, and VIS4ML ontology as a theoretical foundation of visual analytics. As a result, we formulate the main challenges for the development of this area of research in the future.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Keim, D., Andrienko, G., Fekete, J.-D., Görg, C., Kohlhammer, J., Melançon, G.: Visual analytics: definition, process, and challenges. In: Kerren, A., Stasko, J.T., Fekete, J.-D., North, C. (eds.) Information Visualization. LNCS, vol. 4950, pp. 154–175. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-70956-5_7

    Chapter  Google Scholar 

  2. Shiravi, H., Shiravi, A., Ghorbani, A.A.: A survey of visualization systems for network security. IEEE Trans. Vis. Comput. Graph. 18(8), 1313–1329 (2012). https://doi.org/10.1109/tvcg.2011.144

    Article  Google Scholar 

  3. Fink, G.A., North, C.L., Endert, A., Rose, S.: Visualizing cyber security: usable workspaces. In: 2009 6th International Workshop on Visualization for Cyber Security. IEEE (2009). https://doi.org/10.1109/vizsec.2009.5375542

  4. Khanh Dang, T., Tri Dang, T.: A survey on security visualization techniques for web information systems. Int. J. Web Inf. Syst. 9(1), 6–31 (2013). https://doi.org/10.1108/17440081311316361

    Article  Google Scholar 

  5. Tianfield, H.: Cyber security situational awareness. In: 2016 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData) (2016). https://doi.org/10.1109/ithings-greencom-cpscom-smartdata.2016.165

  6. Marty, R.: Cyber security: how visual analytics unlock insight. In: 19th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, KDD 2013. ACM Press (2013). https://doi.org/10.1145/2487575.2491132

  7. McCaslin, M.L., Scott, K.W.: The five-question method for framing a qualitative research study. Qual. Rep. 8(3), 447–461 (2003)

    Google Scholar 

  8. Hohman, F.M., Kahng, M., Pienta, R., Chau, D.H.: Visual analytics in deep learning: An interrogative survey for the next frontiers. IEEE Trans. Vis. Comput. Graph. (2018). https://doi.org/10.1109/TVCG.2018.2843369

    Article  Google Scholar 

  9. Bertin, J.: Graphische Semiologie: Diagramme, Netze, Karten; Translated from the 2nd French Edition (1973). Walter de Gruyter, Berlin, Germany (1974). ISBN 3-11-003660-6

    Google Scholar 

  10. Störrle, H., Fish, A.: Towards an operationalization of the “Physics of Notations” for the analysis of visual languages. In: Moreira, A., Schätz, B., Gray, J., Vallecillo, A., Clarke, P. (eds.) MODELS 2013. LNCS, vol. 8107, pp. 104–120. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-41533-3_7

    Chapter  Google Scholar 

  11. Sacha, D., Kraus, M., Keim, D.A., Chen, M.: VIS4ML: an ontology for visual analytics assisted machine learning. IEEE Trans. Vis. Comput. Graph. 25(1), 385–395 (2019). https://doi.org/10.1109/TVCG.2018.2864838

    Article  Google Scholar 

  12. Staheli, D., et al.: Visualization evaluation for cyber security. In: Eleventh Workshop on Visualization for Cyber Security, VizSec 2014. ACM Press (2014). https://doi.org/10.1145/2671491.2671492

  13. de Bruijn, H., Janssen, M.: Building cybersecurity awareness: the need for evidence-based framing strategies. Gov. Inf. Q. 34(1), 1–7 (2017). https://doi.org/10.1016/j.giq.2017.02.007

    Article  Google Scholar 

  14. Zheng, M., Robbins, H., Chai, Z., Thapa, P., Moore, T.: Cybersecurity research datasets: taxonomy and empirical analysis. In: 11th USENIX Conference on Cyber Security Experimentation and Test (CSET 2018), p. 2. USENIX Association, Berkeley (2018)

    Google Scholar 

  15. He, J., Chen, H., Chen, Y., Tang, X., Zou, Y.: Diverse visualization techniques and methods of moving-object-trajectory data: a review. ISPRS Int. J. Geo-Inf. 8(2), 63 (2019). https://doi.org/10.3390/ijgi8020063

    Article  Google Scholar 

  16. Kotenko, I., Novikova, E.: VisSecAnalyzer: a visual analytics tool for network security assessment. In: Cuzzocrea, A., Kittl, C., Simos, D.E., Weippl, E., Xu, L. (eds.) CD-ARES 2013. LNCS, vol. 8128, pp. 345–360. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40588-4_24

    Chapter  Google Scholar 

  17. Zhao, Y., Zhou, F., Fan, X., Liang, X., Liu, Y.: IDSRadar: a real-time visualization framework for IDS alerts. Sci. China Inf. Sci. 56(8), 1–12 (2013). https://doi.org/10.1007/s11432-013-4891-9

    Article  Google Scholar 

  18. Haggerty, J., Haggerty, S., Taylor, M.: Forensic triage of email network narratives through visualisation. Inf. Manag. Comput. Secur. 22(4), 358–370 (2014). https://doi.org/10.1108/IMCS-11-2013-0080

    Article  Google Scholar 

  19. Chen, V.Y., Razip, A.M., Ko, S., Qian, C.Z., Ebert, D.S.: Multi-aspect visual analytics on large-scale high-dimensional cyber security data. Inf. Vis. 14(1), 62–75 (2013). https://doi.org/10.1177/1473871613488573

    Article  Google Scholar 

  20. Liao, Q., Striegel, A., Chawla, N.: Visualizing graph dynamics and similarity for enterprise network security and management. In: 7th International Symposium on Visualization for Cyber Security (VizSec 2010), pp. 34–45 (2010). https://doi.org/10.1145/1850795.1850799

  21. McKenna, S., Staheli, D., Fulcher, C., Meyer, M.: BubbleNet: a cyber security dashboard for visualizing patterns. Comput. Graph. Forum 35(3), 281–290 (2016). https://doi.org/10.1111/cgf.12904

    Article  Google Scholar 

  22. Wongsuphasawat, K., Guerra Gómez, J.A., Plaisant, C., Wang, T., Taieb-Maimon, M., Shneiderman, B.: LifeFlow. In: Annual Conference Extended abstracts on Human Factors in Computing Systems - CHI EA 2011. ACM Press (2011). https://doi.org/10.1145/1979742.1979557

  23. McPherson, J., Ma, K.-L., Krystosk, P., Bartoletti, T., Christensen, M.: PortVis. In: Proceedings of the 2004 ACM Workshop on Visualization and Data Mining for Computer Security - VizSEC/DMSEC 2004. ACM Press (2004). https://doi.org/10.1145/1029208.1029220

  24. Qiu, H.S.: Streaming data visualization for network security. Ph.D. thesis, Princeton University (2017)

    Google Scholar 

  25. Goodall, J.R.: Introduction to visualization for computer security. In: Goodall, J.R., Conti, G., Ma, K.L. (eds.) VizSEC 2007. Mathematics and Visualization, pp. 1–17. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-78243-8_1

    Chapter  Google Scholar 

  26. Hu, H., Zhang, H., Liu, Y., Wang, Y.: Quantitative method for network security situation based on attack prediction. Secur. Commun. Netw. 2017, 19 (2017). https://doi.org/10.1155/2017/3407642. Article ID 3407642

    Article  Google Scholar 

  27. Scheepens, R., Michels, S., van de Wetering, H., van Wijk, J.J.: Rationale visualization for safety and security. Comput. Graph. Forum 34, 191–200 (2015)

    Article  Google Scholar 

  28. Angelini, M., Blasilli, G., Lenti, S., Santucci, G.: Visual exploration and analysis of the Italian cybersecurity framework. In: Workshop on Advanced Visual Interfaces AVI (2018). https://doi.org/10.1145/3206505.3206579

  29. Furmanova, K., et al.: Taggle: Combining Overview and Details in Tabular Data Visualizations, 14 p. (2019). arXiv:1712.05944v3 [cs.HC]

  30. Tillekens, A., Le-Khac, N.-A., Thi, T.T.P.: A Bespoke forensics GIS tool. In: 2016 International Conference on Computational Science and Computational Intelligence, pp. 987–992. IEEE (2016). https://doi.org/10.1109/csci.2016.188

  31. Aldwairi, M., Alsaadi, H.H.: FLUKES: autonomous log forensics, intelligence and visualization tool. In: Proceedings of ICFNDS 2017, Cambridge, United Kingdom, 19–20 July 2017, 6 p. (2017). https://doi.org/10.1145/3102304.3102337

  32. Tuncel, M.A., Francis, H., Taylor, M., Jones, D.L.: Visualdrives forensic tool. In: International Conference on Developments of E-Systems Engineering (DeSE), Burj Khalifa, Dubai, United Arab Emirates, 13–15 December 2015. https://doi.org/10.1109/dese.2015.68

  33. Hales, G., Ferguson, I., Archibald, J.: Insight: an application of information visualisation techniques to digital forensics investigations. Int. J. Cyber Situat. Aware. 2(1), 100–118 (2017)

    Article  Google Scholar 

  34. Olsson, J., Boldt, M.: Computer forensic timeline visualization tool. Digit. Investig., S78–S87 (2009). https://doi.org/10.1016/j.diin.2009.06.008

    Article  Google Scholar 

  35. McKenna, S., Staheli, D., Fulcher, C., Meyer, M.: BubbleNet: a cyber security dashboard for visualizing patterns. In: Eurographics Conference on Visualization (EuroVis), vol. 35(3), pp. 281–290 (2016). https://doi.org/10.1111/cgf.12904

    Article  Google Scholar 

  36. Leschke, T.R., Nicholas, C.: Change-Link 2.0: a digital forensic tool for visualizing changes to shadow volume data. In: VizSec 2013, Atlanta, GA, USA, 14 October 2013, pp. 17–24 (2013)

    Google Scholar 

  37. Catanese, S.A., Fiumara, G.: A visual tool for forensic analysis of mobile phone traffic. In: MiFOR 2010, Firenze, Italy, 29 October 2010, pp. 71–76 (2010)

    Google Scholar 

  38. Goswami, A., Mohapatra, D.P., Zhai, C.: Qu antifying and visualizing the demand and supply gap from e-commerce search data using topic models. In: WWW 2019 Companion, San Francisco, CA, USA, 13–17 May 2019, pp. 348–353 (2019)

    Google Scholar 

  39. Le, T.V.M., Akoglu, L.: ContraVis: contrastive and visual topic modeling for comparing document collections. In: Proceedings of the 2019 World Wide Web Conference (WWW 2019), San Francisco, CA, USA, 13–17 May 2019, 11 p. ACM, New York (2019). https://doi.org/10.1145/3308558.3313617

  40. Yang, F., et al.: XFake: explainable fake news detector with visualizations. In: WWW 2019, San Francisco, CA, USA, 13–17 May 2019. https://doi.org/10.1145/3308558.3314119

  41. Fittkau, F., Krause, A., Hasselbring, W.: Software landscape and application visualization or system comprehension with ExplorViz. Inf. Softw. Technol. 87(2017), 259–277 (2017). https://doi.org/10.1016/j.infsof.2016.07.004

    Article  Google Scholar 

  42. Vallentin, M., Paxson, V., Sommer, R.: VAST: a unified platform for interactive network forensics. In: 13th Usenix Conference on Networked Systems Design and Implementation (NSDI 2016), pp. 345–362. USENIX Association, Berkeley (2016)

    Google Scholar 

  43. Baráth, J., Harakaľ, M.: Protocols for exchange of cyber security information. In: Security and Protection of Information (2013)

    Google Scholar 

  44. Bonneau, G.-P., Hege, H.-C., Johnson, C.R., Oliveira, M.M., Potter, K., Rheingans, P., Schultz, T.: Overview and state-of-the-art of uncertainty visualization. In: Hansen, Charles D., Chen, M., Johnson, C.R., Kaufman, A.E., Hagen, H. (eds.) Scientific Visualization. MV, pp. 3–27. Springer, London (2014). https://doi.org/10.1007/978-1-4471-6497-5_1

    Chapter  Google Scholar 

  45. Zhong, Z., et al.: A user-centered multi-space collaborative visual analysis for cyber security. Chin. J. Electron. 27(5), 910–919 (2018). https://doi.org/10.1049/cje.2017.09.021

    Article  Google Scholar 

  46. Kabil, A., Duval, T., Cuppens, N., Le Comte, G., Halgand, Y., et al.: Why should we use 3D collaborative virtual environments for cyber security? In: IEEE 4th VR International Workshop on Collaborative Virtual Environments (IEEEVR 2018) (2018)

    Google Scholar 

  47. Erbacher, R.F., Frincke, D.A., Wong, P.C., Moody, S., Fink, G.: A multi-phase network situational awareness cognitive task analysis. Inf. Vis. 9, 204–219 (2010)

    Article  Google Scholar 

  48. Angelini, M., Santucci, G.: Cyber situational awareness: from geographical alerts to high-level management. J. Vis. 20(3), 453–459 (2017). https://doi.org/10.1007/s12650-016-0377-3

    Article  Google Scholar 

  49. Nielsen, J.: Usability Engineering. Academic Press, London (1993)

    Book  Google Scholar 

  50. Dasgupta, A., Arendt, D.L., Franklin, L.R., Wong, P.C., Cook, K.A.: Human factors in streaming data analysis: challenges and opportunities for information visualization. Comput. Graph. Forum 37(1), 254–272 (2018). https://doi.org/10.1111/cgf.13264

    Article  Google Scholar 

Download references

Acknowledgement

This paper is supported in part by European Union’s Horizon 2020 research and innovation programme under Grant Agreement No. 830892, project “Strategic programs for advanced research and technology in Europe” (SPARTA).

Author information

Authors and Affiliations

  1. Department of Computer Science, Kaunas University of Technology, Kaunas, Lithuania

    Robertas Damaševičius, Jevgenijus Toldinas, Algimantas Venčkauskas, Šarūnas Grigaliūnas, Nerijus Morkevičius & Vaidas Jukavičius

Authors
  1. Robertas Damaševičius
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jevgenijus Toldinas
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Algimantas Venčkauskas
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Šarūnas Grigaliūnas
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Nerijus Morkevičius
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Vaidas Jukavičius
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Robertas Damaševičius .

Editor information

Editors and Affiliations

  1. Kaunas University of Technology, Kaunas, Lithuania

    Robertas Damaševičius

  2. Kaunas University of Technology, Kaunas, Lithuania

    Giedrė Vasiljevienė

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Damaševičius, R., Toldinas, J., Venčkauskas, A., Grigaliūnas, Š., Morkevičius, N., Jukavičius, V. (2019). Visual Analytics for Cyber Security Domain: State-of-the-Art and Challenges. In: Damaševičius, R., Vasiljevienė, G. (eds) Information and Software Technologies. ICIST 2019. Communications in Computer and Information Science, vol 1078. Springer, Cham. https://doi.org/10.1007/978-3-030-30275-7_20

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-30275-7_20

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-30274-0

  • Online ISBN: 978-3-030-30275-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation