Abstract
The vast amount of data collected daily by logging mechanisms on web and mobile applications lacks effective analytic approaches that turn it into insight for cybersecurity. The analysis time currently needed to identify a zero-day attack and respond with a patch or a detection mechanism is effectively unmeasurable, and this remains a challenge for cybersecurity researchers. User-centric and data-provenance-centric approaches are a growing trend in aiding defensive and offensive decisions on cyber-attacks. In this chapter we (1) introduce our Security Visualization Standard (SCeeL-VisT); (2) introduce the Security Visualization Effectiveness Measurement (SvEm) theory; (3) introduce the concept of Data Provenance as a Security Visualization Service (DPaaSVS); and (4) highlight growing trends in using data provenance methodologies and security visualization methods to aid data analytics and decision support for cybersecurity. Security visualization that shows the provenance of a spectrum of data samples from an attack helps researchers reconstruct the attack from source to destination. This helps identify attack patterns and behaviours, which in turn enables the creation of effective detection mechanisms against cyber-attacks.
Notes
- 1.
Bitcoin is a distributed, decentralized cryptocurrency that implicitly defined and implemented Nakamoto consensus.
- 2.
A blockchain is a public ledger of all Bitcoin transactions that have been executed, kept in linear, chronological order.
- 3.
The Security Visualization Effectiveness Measurement (SvEm) theory, designed for mobile platforms, is expressed in percent (%) and provides a way to measure the clarity and visibility of a given security visualization.
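The source-to-destination reconstruction described in the abstract, together with the linear, chronological ledger of Note 2, as an added example (Python; this is not code from the chapter, nor from SCeeL-VisT or DPaaSVS). It keeps constructed provenance records in a hash chain so that any edit to or deletion of an earlier record is detectable, then answers a backward provenance query from the exfiltration endpoint back to the artefacts that fed it, excluding unrelated later activity on the same files. Every hostname, process name, file path and timestamp is invented sample data, and the record schema (t, src, relation, dst) is an assumption of this example rather than the chapter's format.

```python
"""
Added example, not part of the chapter: a hash-chained provenance ledger plus a
backward provenance query that reconstructs an attack from source to destination.

  1. build_ledger()   : append records in chronological order to a SHA-256 chain
                        (the linear, chronological ledger property of Note 2,
                        without the distributed consensus part).
  2. verify_ledger()  : detect modification or deletion of any earlier record.
  3. backward_trace() : collect every record that could have contributed to a
                        chosen sink, respecting time ordering.
All names, paths and timestamps below are constructed sample data.
"""
import hashlib
import json
from collections import defaultdict

GENESIS = "0" * 64

# Constructed provenance records: data flowed from `src` to `dst` at time `t`.
# Each is one line a provenance logger might emit; the schema is assumed here.
SAMPLE_EVENTS = [
    {"t": 1, "src": "mail:attachment.zip", "relation": "extracted_to", "dst": "file:/tmp/invoice.js"},
    {"t": 2, "src": "file:/tmp/invoice.js", "relation": "executed_as", "dst": "proc:wscript.exe[412]"},
    {"t": 3, "src": "proc:wscript.exe[412]", "relation": "wrote", "dst": "file:/tmp/stage2.bin"},
    {"t": 4, "src": "file:/tmp/stage2.bin", "relation": "executed_as", "dst": "proc:stage2[977]"},
    {"t": 5, "src": "file:/home/alice/keys.db", "relation": "read_by", "dst": "proc:stage2[977]"},
    {"t": 6, "src": "proc:stage2[977]", "relation": "sent_to", "dst": "host:203.0.113.7:443"},
    # Benign later activity on the same file; it must not appear in the trace.
    {"t": 7, "src": "file:/home/alice/keys.db", "relation": "read_by", "dst": "proc:backup[120]"},
]


def canonical(record):
    """Stable serialisation so every verifier hashes a record identically."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def build_ledger(events):
    """Chain records in time order: hash_i = SHA-256(hash_{i-1} || canonical(event_i))."""
    ledger, prev = [], GENESIS
    for ev in sorted(events, key=lambda e: e["t"]):
        h = hashlib.sha256(prev.encode() + canonical(ev)).hexdigest()
        ledger.append({"event": ev, "prev": prev, "hash": h})
        prev = h
    return ledger


def verify_ledger(ledger):
    """Return the index of the first broken link, or -1 if the whole chain is intact."""
    prev = GENESIS
    for i, entry in enumerate(ledger):
        expected = hashlib.sha256(prev.encode() + canonical(entry["event"])).hexdigest()
        if entry["prev"] != prev or entry["hash"] != expected:
            return i
        prev = entry["hash"]
    return -1


def backward_trace(ledger, sink):
    """Every record that could have contributed to `sink`, in chronological order.

    An edge into node N is included only if it happened before the edge by
    which data left N towards the sink, so later unrelated reads or writes of
    the same node are excluded from the reconstruction.
    """
    incoming = defaultdict(list)
    for entry in ledger:
        incoming[entry["event"]["dst"]].append(entry["event"])
    found, seen, worklist = {}, set(), [(sink, float("inf"))]
    while worklist:
        node, t_limit = worklist.pop()
        if (node, t_limit) in seen:
            continue
        seen.add((node, t_limit))
        for ev in incoming.get(node, []):
            if ev["t"] < t_limit:
                found[(ev["t"], ev["src"], ev["relation"], ev["dst"])] = ev
                worklist.append((ev["src"], ev["t"]))
    return [found[k] for k in sorted(found)]


def roots(trace):
    """Nodes in a trace that nothing fed: the ultimate sources of the attack."""
    dsts = {ev["dst"] for ev in trace}
    return {ev["src"] for ev in trace} - dsts


if __name__ == "__main__":
    ledger = build_ledger(SAMPLE_EVENTS)
    print("ledger intact:", verify_ledger(ledger) == -1)
    for ev in backward_trace(ledger, "host:203.0.113.7:443"):
        print(f"t={ev['t']}: {ev['src']} --{ev['relation']}--> {ev['dst']}")
    print("sources:", sorted(roots(backward_trace(ledger, "host:203.0.113.7:443"))))
```

The time constraint in `backward_trace` is what keeps the reconstruction honest: the backup process also reads `keys.db`, but only after the data had already left towards the sink, so it is not pulled into the attack graph. The chain check catches both in-place edits and deleted records, but not truncation of the newest entries; a deployment would also need to anchor the latest hash somewhere the logger cannot rewrite.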
Acknowledgements
The authors wish to thank the Cyber Security Researchers of Waikato (CROW) and the Department of Computer Science of the University of Waikato. This research is supported by STRATUS (Security Technologies Returning Accountability, Trust and User-Centric Services in the Cloud) (https://stratus.org.nz), a science investment project funded by the New Zealand Ministry of Business, Innovation and Employment (MBIE). The authors would also like to thank the New Zealand and Pacific Foundation Scholarship for the continuous support towards Cyber Security postgraduate studies at the University of Waikato.
© 2017 Springer International Publishing AG
Cite this chapter
Garae, J., Ko, R.K.L. (2017). Visualization and Data Provenance Trends in Decision Support for Cybersecurity. In: Palomares Carrascosa, I., Kalutarage, H., Huang, Y. (eds) Data Analytics and Decision Support for Cybersecurity. Data Analytics. Springer, Cham. https://doi.org/10.1007/978-3-319-59439-2_9
DOI: https://doi.org/10.1007/978-3-319-59439-2_9
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-59438-5
Online ISBN: 978-3-319-59439-2
eBook Packages: Computer Science (R0)