
Visualization and Data Provenance Trends in Decision Support for Cybersecurity

  • Chapter

Part of the book series: Data Analytics ((DAANA))

Abstract

The vast amount of data collected daily from logging mechanisms on web and mobile applications lacks effective analytic approaches to provide insights for cybersecurity. The analytical time currently taken to identify zero-day attacks and respond with a patch or detection mechanism is unmeasurable. This is a current challenge and struggle for cybersecurity researchers. User- and data provenance-centric approaches are the growing trend in aiding defensive and offensive decisions on cyber-attacks. In this chapter we (1) introduce our Security Visualization Standard (SCeeL-VisT); (2) introduce the Security Visualization Effectiveness Measurement (SvEm) Theory; (3) introduce the concept of Data Provenance as a Security Visualization Service (DPaaSVS); and (4) highlight growing trends of using data provenance methodologies and security visualization methods to aid data analytics and decision support for cyber security. Security visualization showing provenance from a spectrum of data samples on an attack helps researchers to reconstruct the attack from source to destination. This helps identify possible attack patterns and behaviors, which results in the creation of effective detection mechanisms and cyber-attacks.


Notes

  1. Bitcoin is a distributed, decentralized crypto-currency, which implicitly defined and implemented Nakamoto consensus.

  2. Blockchain is a public ledger of all Bitcoin transactions that have executed in a linear and chronological order.

  3. The Security Visualization Effectiveness Measurement theory, designed for mobile platforms and measured in percent (%), provides a way to measure clarity and visibility in a given security visualization.


Acknowledgements

The authors wish to thank the Cyber Security Researchers of Waikato (CROW) and the Department of Computer Science of the University of Waikato. This research is supported by STRATUS (Security Technologies Returning Accountability, Trust and User-Centric Services in the Cloud) (https://stratus.org.nz), a science investment project funded by the New Zealand Ministry of Business, Innovation and Employment (MBIE). The authors would also like to thank the New Zealand and Pacific Foundation Scholarship for the continuous support towards Cyber Security postgraduate studies at the University of Waikato.

Author information

Corresponding author: Jeffery Garae.


Copyright information

© 2017 Springer International Publishing AG

About this chapter

Cite this chapter

Garae, J., Ko, R.K.L. (2017). Visualization and Data Provenance Trends in Decision Support for Cybersecurity. In: Palomares Carrascosa, I., Kalutarage, H., Huang, Y. (eds) Data Analytics and Decision Support for Cybersecurity. Data Analytics. Springer, Cham. https://doi.org/10.1007/978-3-319-59439-2_9

  • DOI: https://doi.org/10.1007/978-3-319-59439-2_9

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-59438-5

  • Online ISBN: 978-3-319-59439-2
