VizSec 2009 Symposium on Visualization for Cyber Security

Symposium on Visualization for Cyber Security

October 11, 2009
  /   Atlantic City, NJ, USA

In conjunction with VisWeek 2009

The 6th International Workshop on Visualization for Cyber Security was held in Atlantic City, NJ, USA on October 11, 2009. VizSec brought together researchers and practitioners in information visualization and security to address the specific needs of the cyber security community through new and insightful visualization techniques. The keynote speaker was Bill Cheswick.

VizSec was held in conjunction with VisWeek 2009.

The proceedings are in the IEEE Digital Library.


Anatoly Yelizarov, Dennis Gamayunov
'Visualization of Complex Attacks and State of Attacked Network' slides | paper link
Joel Glanfield, Stephen Brooks, Teryl Taylor, Diana Paterson, Christopher Smith, Carrie Gates, John McHugh
'OverFlow: An Overview Visualization for Network Analysis' slides | paper link
David Barrera, P.C. van Oorschot
'Security Visualization Tools and IPv6 Addresses' slides | paper link
Daniel A. Quist, Lorie M. Liebrock
'Visualizing Compiled Executables for Malware Analysis' slides | paper link
Philipp Trinius, Thorsten Holz, Jan Gobel, Felix C. Freiling
'Visual Analysis of Malware Behavior Using Treemaps and Thread Graphs' slides | paper link
T.J. Jankun-Kelly, David Wilson, Andrew S. Stamps, Josh Franck, Jeffery Carver, J. Edward Swan II
'A Visual Analytic Framework for Exploring Relationships in Textual Contents of Digital Forensics Evidence' slides | paper link
Glenn A. Fink, Christopher L. North, Alex Endert, Stuart Rose
'Visualizing Cyber Security: Usable Workspaces' slides | paper link
John R. Goodall
'Visualization is Better! A Comparative Evaluation' slides | paper link
Dino Schweitzer, Jeff Boleng, Colin Hughes, Louis Murphy
'Visualizing Keyboard Pattern Passwords' slides | paper link
Shaun P. Morrissey, Georges Grinstein
'Visualizing Firewall Configurations Using Created Voids' slides | paper link


Steve Huntsman, Chris Covington, and John Franklin
'Scalable visual traffic analysis' abstract
Diana Paterson, Teryl Taylor, Joel Glaneld, Christopher Smith, Carrie Gates, Stephen Brooks, and John McHugh
'Activity Viewer: A Tool for Monitoring Network Host Activities' abstract
Qi Liao, Dirk VanBruggen, Andrew Blaich, and Aaron Striegel
'Visual Exploration and Analysis on Host, Users and Applications in Enterprise Networks' absract
Giovani Rimon Abuaitah and Bin Wang
'SecVizer: A Security Visualization Tool for QualNet-Generated Traffic Traces' abstract

Keynote Speaker

Bill Cheswick, AT&T Labs

Visual Tools for Security: Is there a there there?

It seems obvious: networks, software, authentication, and people have important and often complicated relationships and interactions. There's far too much going on to keep track of all of it, but we know there are important devils down in the details. We know they are there.

Though many have been chasing this dream of security visualization for a couple of decades, we don't have that much to show for our efforts. We use NOCs and tools widely for managing large networks, but they get complicated fast. And most of the anomalous activity is weird but benign, leaving us awash in a sea of false positives. And those people in the NOCs seem totally resistant to 3D displays, data gloves,and other cool tools of our trade.

What can we do? How can we help, really?

Bill Cheswick is interested in security that's too hard to ensure, passwords that are too hard to remember, graphs that are too hard to visualize, and VCRs that are too hard to program. And lots of other stuff. Ches is an early innovator in Internet security. He is known for his work in firewalls, proxies, and Internet mapping at Bell Labs and Lumeta Corp. He is best known for the book he co-authored with Steve Bellovin and now Avi Rubin, Firewalls and Internet Security; Repelling the Wily Hacker. Ches is now a member of the technical staff at AT&T Labs - Research in Florham Park, NJ, where he is working on security, visualization, user interfaces, and a variety of other things.


Deb Frincke (organizer)
"Security + Visualization =/= Science ...Changing the equation"

The 6th International Workshop on Visualization for Cyber Security is a forum that brings together researchers and practitioners in information visualization and security to address the specific needs of the cyber security community through new and insightful visualization techniques. Co-located this year with IEEE VisWeek 2009, VizSec will continue to provide opportunities for the two communities to collaborate and share insights into providing solutions for security needs through visualization approaches. Accepted papers will be published by the IEEE and archived in the IEEE Digital Library. The authors of the best papers will be invited to extend and revise their paper for journal publication in a special issue of Information Visualization.

This year our focus is on advancing Visualization for Cyber Security as a scientific discipline. While art, engineering, and intuitions regarding the human element will always remain important if we are to obtain useful cyber security visualizations, advances in the scientific practice of research are needed. The scientific aspects of visualization for cyber security draw both on empirical observation (similar to many natural and social sciences) and formal science (such as the formal derivations in mathematics). Barriers confronting current researchers include concerns about available data, lack of a common agreement about what constitutes sound experimental design, the difficulties of measuring the relative effectiveness of security visualizations in practice, and the lack of a common understanding of user requirements. While many researchers are making progress in these and other critical areas, much work yet remains.

Technical Papers

Papers offering novel contributions in security visualization are solicited. Papers may present technique, applications, practical experience, theory, or experiments and evaluations. Papers are encouraged on technologies and methods that have been demonstrated to be useful for improving information systems security and that address lessons from actual application. We encourage papers that report results on visualization techniques and systems in solving all aspects of cyber security problems, including how visualization applies to:

Please consider using public data sets to demonstrate your VizSec system. Using public data sets makes it easier to compare VizSec systems. One example comes from this year's VAST Challenge 2009: An employee is leaking important information to the outside world.

General Chair
Deb Frincke, Pacific Northwest National Laboratory
Program Co-Chairs
John Goodall, Secure Decisions division of Applied Visions Inc.
Carrie Gates, CA Labs
Papers Chair
Robert Erbacher, Utah State University

Program Committee