In conjunction with RAID
The 7th International Symposium on Visualization for Cyber Security was held in Ottawa, Ontario, Canada on September 14, 2010. This symposium brought together researchers and practitioners in information visualization and security to address the specific needs of the cyber security community through new and insightful visualization techniques. The keynote speaker was Richard Bejtlich.
VizSec was held in conjunction with the 13th International Symposium on Recent Advances in Intrusion Detection (RAID).
The proceedings are in the ACM Digital Library.
Is Security Visualization Useful in Production?
Is there a disconnect between security visualization in theory and practice? In this keynote, Richard Bejtlich discussed the strengths and weaknesses of using security visualization in the enterprise. For example, why do analysts consistently refer to traditional displays, despite nearly ten years of work in the visualization arena? Why are most security products so limited when rendering data? What must be done to change this situation? Richard explored these topics based on experiences as Principal Technologist and Director of Incident Response for General Electric.
Richard Bejtlich is Director of Incident Response for General Electric, and serves as Principal Technologist for GE's Global Infrastructure Services division. Prior to GE, Richard operated TaoSecurity LLC as an independent consultant, protected national security interests for ManTech Corporation's Computer Forensics and Intrusion Analysis division, investigated intrusions as part of Foundstone's incident response team, and monitored client networks for Ball Corporation. Richard began his digital security career as a military intelligence officer at the Air Force Computer Emergency Response Team (AFCERT), Air Force Information Warfare Center (AFIWC), and Air Intelligence Agency (AIA). Richard is a graduate of Harvard University and the United States Air Force Academy. He wrote "The Tao of Network Security Monitoring" and "Extrusion Detection", and co-authored "Real Digital Forensics". He also writes for his blog (taosecurity.blogspot.com) and TechTarget.com, and teaches for Black Hat.
The International Symposium on Visualization for Cyber Security (VizSec) is a forum that brings together researchers and practitioners in information visualization and cyber security to address the specific needs of the cyber security community through new and insightful visualization techniques. Co-located this year with the Symposium on Recent Advances in Intrusion Detection (RAID), the 7th VizSec will continue to provide opportunities for the two communities to collaborate and share insights into providing solutions for security needs through visualization approaches. Accepted papers will appear in the ACM Digital Library as part of the ACM International Conference Proceedings Series.
This year our focus is on understanding what makes effective visual interfaces for different cyber security tasks. This involves both advancing our understanding of what cyber security tasks are, and improving our understanding of what it means for a security visualization to be effective. Cyber security visualization tasks cover a wide range, including (but not limited to) acquiring situational awareness in massive datasets; analyzing data from disparate sources during incident handling; producing actionable reports for others; modelling the behaviour of systems; and predicting future events. Understanding the effectiveness of a cyber security visualization is not limited only to the usability of the interface itself, but, perhaps even more importantly, to the assessment of how the visualization advances security goals. Barriers confronting current researchers include understanding the tasks where visualization can be effective, concerns about available data for both usability and effectiveness assessment, lack of a common agreement about what constitutes sound experimental design, and the difficulties of measuring the relative effectiveness of security visualizations in practice. Additionally, discussions at VizSec 2009 raised the question about what role a science-based approach ought to play in the conjunction of visualization and security. While many researchers are making progress in these and other critical areas, much work remains.
Full and short papers, poster abstracts and panel abstracts offering novel contributions in security visualization are solicited. Papers may present techniques, applications, practical experience, theory, or experiments and evaluations. Papers are encouraged on technologies and methods that have been demonstrated to be useful for improving information systems security and that address lessons from actual application. We encourage papers that report results on visualization techniques and systems in solving all aspects of cyber security problems, including how visualization applies to:
Accepted papers and abstracts will appear in the ACM Digital Library. The program committee will select an accepted paper to receive the VizSec 2010 best paper award. A key element of the best paper selection process will be whether the results are believed to be repeatable by other scientists based on the algorithms and data provided in the paper.