The 5th International Workshop on Visualization for Cyber Security will provide a forum for new research in visualization for computer security. We are pleased to be holding this year's meeting in conjunction with the 11th International Symposium on Recent Advances in Intrusion Detection. The VizSec Workshop will be held at MIT in Cambridge, Massachusetts USA on Monday, September 15, 2008. The Keynote this year will be given by Ben Shneiderman on the topic Information Forensics: Harnessing visualization to support discovery.

As a result of previous VizSec workshops, we have seen both the application of existing visualization techniques to security problems and the development of novel security visualization approaches. However, VizSec research has focused on helping human analysts to detect anomalies and patterns, particularly in computer network defense. Other communities, led by researchers from the RAID Symposia, have researched automated methods for detecting anomalies and malicious activity.

The theme for this year's workshop, which will be held in conjunction with RAID 2008, will be on bridging the gap between visualization and automation, such as leveraging the power of visualization to create rules for intrusion detection and defense systems. We encourage VizSec participants to stay for the RAID Symposium and RAID participants to come a day early to participate in VizSec. There will be a discount for joint registration.

We also solicit papers that report results on visualization techniques and systems in solving all aspects of cyber security problems, including:

• Visualization of Internet routing
• Visualization of packet traces and network flows
• Visualization of intrusion detection alerts
• Visualization of attack tracks
• Visualization of security vulnerabilities
• Visualization of attack paths
• Visualization of application processes
• Visualization for forensic analysis
• Visualization for correlating events
• Visualization for computer network defense training
• Visualization for offensive information operations
• Visualization for building rules
• Visualization for feature selection
• Visualization for cryptology
• Visualization for detecting anomalous activity
• Deployment and field testing of VizSec systems
• Evaluation and user testing of VizSec systems
• User and design requirements for VizSec systems
• Lessons learned from development and deployment of VizSec systems

All submitted papers will be peer-reviewed. Full and short papers will be published by Springer Lecture Notes in Computer Science (LNCS) in the VizSec 2008 Proceedings. Poster and Demo abstracts will be made available on the VizSec web site.

Full papers should present mature research results. Accepted papers will be presented and included in the VizSec 2008 proceedings. Papers must include an abstract and a list of keywords and can be up to 18 pages in total length, including the bibliography and appendices.

Short papers can be used to present less mature research results than full papers, or late-breaking results. Accepted short papers will be presented and included in the VizSec 2008 proceedings. Short papers must include an abstract and a list of keywords and can be up to 8 pages in total length, including the bibliography and appendices.

Posters can be used to describe work in progress or updates to previously published VizSec research or R&D. Poster submissions should consist of a 2 page abstract. Poster will be presented at the VizSec/RAID reception. Abstracts will be made available on the web site.

Demonstrations can be used to show new or updated development efforts. Demo submissions should consist of a 2 page abstract. Demonstrations will take place at the VizSec/RAID reception. (You will need to bring a laptop for demos.) Abstracts will be made available on the web site.

Submissions are closed.

Deadline for full paper submission (closed)

Deadline for short paper submissions (closed)

Notification for poster and demo acceptance

VizSec Workshop

Information Forensics: Harnessing visualization to support discovery

Ben Shneiderman is a Professor in the Department of Computer Science, Founding Director (1983-2000) of the Human-Computer Interaction Laboratory, and Member of the Institute for Advanced Computer Studies at the University of Maryland at College Park. He was made a Fellow of the ACM in 1997, elected a Fellow of the American Association for the Advancement of Science in 2001, and received the ACM CHI (Computer Human Interaction) Lifetime Achievement Award in 2001.

Since 1991 his major focus has been information visualization, beginning with his dynamic queries and starfield display research that led to the development of Spotfire. Dr. Shneiderman developed the treemap concept in 1991 which continues to inspire research and commercial implementations. Two current projects focus on network visualization: Network Visualization by Semantic Substrates and SocialAction.

The Need for Applied Visualization in Information Security Today

Toby Kohlenberg is a Information Security specialist at Intel Corporation. He has extensive experience in intrusion detection systems (IDS), penetration testing, incident response, and architecture design and review. Toby has developed security architectures for world-wide technology deployments including secure WLANs, Windows 2000/XP/2003/Active Directory, and IDS/IPS technologies and solutions. He has been obsessed with data visualization ever since he tried to use TCPdump to look at traffic on dual T3s and has been heavily involved in driving security product use of visualization as well as sponsoring visualization research at Intel.

Raffy Marty is chief security strategist and senior product manager. He is customer advocate and guardian - expert on all things security and log analysis at Splunk. His passion for visualization is evident in the many presentations he gives at conferences around the world and the upcoming "Applied Security Visualization" book. In addition, Raffy is the author of AfterGlow, founder of the security visualization portal http://secviz.org, and contributing author to a number of books on security and visualization.

Rich Johnson is a computer security specialist with nearly a decade of professional experience. Currently employed by Microsoft, Richard works with the secure computing initiative group, tasked with reviewing the design and implementation of Microsoft's premier products including Microsoft Windows, Microsoft Office, and Windows Mobile. Richard has been a public speaker at worldwide security events since 2004, presenting research on topics ranging from program analysis to system mitigation design. Richard is also the co-founder of The Uninformed Journal.

Lurene Grenier is the Analyst Team Lead on the Vulnerability Research Team at Sourcefire, the makers of snort. Her primary areas of research include reverse engineering, exploit development, and the automation of these activities. In the area of virtualization, she is currently attempting to make use of the data collected by a realtime heap data collector for the purpose of creating custom heap grooming libraries.

Ron Dilley has spent the majority of the last two decades in the fields of programming, technical support, administration and security engineering. His involvement in information systems and information security is informed by his vast experience, including several open source projects and work on the 2005 DARPA Grand Challenge. After several years as a Unix administrator, Dilley moved into information systems security. He currently leads an information security team at a Fortune 500 company.

The workshop will be held on the MIT campus at the Wong Auditorium in the Tang Center. For information on things to do at MIT, in Cambridge, and in Boston, please see the MIT visitor page. For maps and information on hotels, restaurants, and attractions in the Boston area, please see the Greater Boston Convention and Visitors Bureau site or call 1-888-SEE-BOSTON to speak with a Visitor Information Representative.

Limited accommodations for RAID/VizSec are available at the Boston Marriott Cambridge, located directly across the street from the conference venue. We have guaranteed 35 rooms at the reduced rate of $219 single/double occupancy; you must mention RAID to get the special group rate.

Boston Marriott Cambridge
2 Cambridge Center, (Broadway & Third Streets)
Cambridge, Massachusetts 02142 USA
Phone: 1-617-494-6600
Fax: 1-617-494-0036
Price per room per night: $219

Note: When the rooms reserved in the RAID/VizSec block are sold out, requests will be handled on a space-available basis at the hotel's standard rate. Make your reservations early!

John Goodall, Secure Decisions division of Applied Visions

Gregory Conti, United States Military Academy
Kwan-Liu Ma, University of California at Davis

Robert K. Cunningham, Lincoln Laboratory

Stefan Axelsson, Blekinge Institute of Technology
Richard Bejtlich, General Electric
Kris Cook, Pacific Northwest National Laboratory
David Ebert, Purdue University
Robert Erbacher, Utah State University
Deborah Frincke, Pacific Northwest National Laboratory
Carrie Gates, CA Labs
John Gerth, Stanford University
Barry Irwin, Rhodes University
Daniel Keim, University of Konstanz
Toby Kohlenberg, Intel
Stuart Kurkowski, Air Force Institute of Technology
Kiran Lakkaraju, University of Illinois at Urbana-Champaign
Raffael Marty, Splunk
Douglas Maughan, Department of Homeland Security
John McHugh, Dalhousie University
Penny Rheingans, UMBC
Lawrence Rosenblum, National Science Foundation
George Tadda, Air Force Research Lab
Daniel Tesone, Applied Visions
Alfonso Valdes, SRI International
Kirsten Whitley, Department of Defense

Email questions about the workshop to John Goodall:
    johng < at > securedecisions < dot > avi < dot > com