发布求助
文献互助 智能选刊 最新文献

2021 IEEE Symposium on Visualization for Cyber Security (VizSec)最新文献

筛选
英文 中文
[Copyright notice] (版权)
2021 IEEE Symposium on Visualization for Cyber Security (VizSec) Pub Date : 2021-10-01 DOI: 10.1109/vizsec53666.2021.00003
{"title":"[Copyright notice]","authors":"","doi":"10.1109/vizsec53666.2021.00003","DOIUrl":"https://doi.org/10.1109/vizsec53666.2021.00003","url":null,"abstract":"","PeriodicalId":183519,"journal":{"name":"2021 IEEE Symposium on Visualization for Cyber Security (VizSec)","volume":"43 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134288805","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Decision Support for Sharing Data using Differential Privacy 基于差分隐私的数据共享决策支持
2021 IEEE Symposium on Visualization for Cyber Security (VizSec) Pub Date : 2021-10-01 DOI: 10.1109/VizSec53666.2021.00008
Mark F. St. John, G. Denker, Peeter Laud, Karsten Martiny, A. Pankova, Dusko Pavlovic
{"title":"Decision Support for Sharing Data using Differential Privacy","authors":"Mark F. St. John, G. Denker, Peeter Laud, Karsten Martiny, A. Pankova, Dusko Pavlovic","doi":"10.1109/VizSec53666.2021.00008","DOIUrl":"https://doi.org/10.1109/VizSec53666.2021.00008","url":null,"abstract":"Owners of data may wish to share some statistics with others, but they may be worried of privacy of the underlying data. An effective solution to this problem is to employ provable privacy techniques, such as differential privacy, to add noise to the statistics before releasing them. This protection lowers the risk of sharing sensitive data with more or less trusted data sharing partners. Unfortunately, applying differential privacy in its mathematical form requires one to fix certain numeric parameters, which involves subtle computations and expert knowledge that the data owners may lack.In this paper, we first describe a differential privacy parameter selection procedure that minimizes what lay data owners need to know. Second, we describe a user visualization and workflow that makes this procedure available for lay data owners by helping them set the level of noise appropriately to achieve a tolerable risk level. Finally, we describe a user study in which human factors professionals who were native to differential privacy were briefly trained on the concept of using differential privacy for data sharing and then used the visualization to determine an appropriate level of noise.","PeriodicalId":183519,"journal":{"name":"2021 IEEE Symposium on Visualization for Cyber Security (VizSec)","volume":"15 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132137085","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 8
BUCEPHALUS: a BUsiness CEntric cybersecurity Platform for proActive anaLysis Using visual analyticS BUCEPHALUS:一个以业务为中心的网络安全平台,用于使用可视化分析进行主动分析
2021 IEEE Symposium on Visualization for Cyber Security (VizSec) Pub Date : 2021-10-01 DOI: 10.1109/VizSec53666.2021.00007
M. Angelini, G. Blasilli, Silvia Bonomi, S. Lenti, A. Palleschi, G. Santucci, Emiliano De Paoli
{"title":"BUCEPHALUS: a BUsiness CEntric cybersecurity Platform for proActive anaLysis Using visual analyticS","authors":"M. Angelini, G. Blasilli, Silvia Bonomi, S. Lenti, A. Palleschi, G. Santucci, Emiliano De Paoli","doi":"10.1109/VizSec53666.2021.00007","DOIUrl":"https://doi.org/10.1109/VizSec53666.2021.00007","url":null,"abstract":"Analyzing and mitigating the threats that cyber-attacks pose on the services of a critical infrastructure is not a trivial activity. Research solutions have been developed using data about the devices used for implementing the services, services dependencies, network topology, and the vulnerabilities that can be exploited to attack the network. However, most of the proposed solutions fail to consider these aspects in an integrated fashion, allowing the user to understand global dependencies and weaknesses. This paper contributes this issue with BUCEPHALUS, a Visual Analytics solution providing a) a visual overview of the existing relationships among business functions, devices, and vulnerabilities, and b) a what-if analysis scenario, in which the user is supported on making decisions on which vulnerabilities are more appropriate to fix. BUCEPHALUS has been developed and validated within a user-centered design process involving security professionals.","PeriodicalId":183519,"journal":{"name":"2021 IEEE Symposium on Visualization for Cyber Security (VizSec)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114130313","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Towards Visual Analytics Dashboards for Provenance-driven Static Application Security Testing 面向源驱动静态应用程序安全测试的可视化分析仪表板
2021 IEEE Symposium on Visualization for Cyber Security (VizSec) Pub Date : 2021-10-01 DOI: 10.1109/VizSec53666.2021.00010
A. Schreiber, Tim Sonnekalb, L. Kurnatowski
{"title":"Towards Visual Analytics Dashboards for Provenance-driven Static Application Security Testing","authors":"A. Schreiber, Tim Sonnekalb, L. Kurnatowski","doi":"10.1109/VizSec53666.2021.00010","DOIUrl":"https://doi.org/10.1109/VizSec53666.2021.00010","url":null,"abstract":"The use of static code analysis tools for security audits can be time consuming, as the many existing tools focus on different aspects and therefore development teams often use several of these tools to keep code quality high and prevent security issues. Displaying the results of multiple tools, such as code smells and security warnings, in a unified interface can help developers get a better overview and prioritize upcoming work. We present visualizations and a dashboard that interactively display results from static code analysis for “interesting” commits during development. With this, we aim to provide an effective visual analytics tool for code security analysis results.","PeriodicalId":183519,"journal":{"name":"2021 IEEE Symposium on Visualization for Cyber Security (VizSec)","volume":"41 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123963188","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 3
Visual Decision-Support for Live Digital Forensics 实时数字取证的可视化决策支持
2021 IEEE Symposium on Visualization for Cyber Security (VizSec) Pub Date : 2021-10-01 DOI: 10.1109/VizSec53666.2021.00012
Fabian Böhm, Ludwig Englbrecht, Sabrina Friedl, G. Pernul
{"title":"Visual Decision-Support for Live Digital Forensics","authors":"Fabian Böhm, Ludwig Englbrecht, Sabrina Friedl, G. Pernul","doi":"10.1109/VizSec53666.2021.00012","DOIUrl":"https://doi.org/10.1109/VizSec53666.2021.00012","url":null,"abstract":"Performing a live digital forensics investigation on a running system is challenging due to the time pressure under which decisions have to be made. Newly proliferating and frequently applied types of malware (e.g., fileless malware) increase the need to conduct digital forensic investigations in real-time. In the course of these investigations, forensic experts are confronted with a wide range of different forensic tools. The decision, which of those are suitable for the current situation, is often based on the cyber forensics experts’ experience. Currently, there is no reliable automated solution to support this decision-making. Therefore, we derive requirements for visually supporting the decision-making process for live forensic investigations and introduce a research prototype that provides visual guidance for cyber forensic experts during a live digital forensics investigation. Our prototype collects relevant core information for live digital forensics and provides visual representations for connections between occurring events, developments over time, and detailed information on specific events. To show the applicability of our approach, we analyze an exemplary use case using the prototype and demonstrate the support through our approach.","PeriodicalId":183519,"journal":{"name":"2021 IEEE Symposium on Visualization for Cyber Security (VizSec)","volume":"65 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115356340","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
[Title page i] [标题页i]
2021 IEEE Symposium on Visualization for Cyber Security (VizSec) Pub Date : 2021-10-01 DOI: 10.1109/vizsec53666.2021.00001
{"title":"[Title page i]","authors":"","doi":"10.1109/vizsec53666.2021.00001","DOIUrl":"https://doi.org/10.1109/vizsec53666.2021.00001","url":null,"abstract":"","PeriodicalId":183519,"journal":{"name":"2021 IEEE Symposium on Visualization for Cyber Security (VizSec)","volume":"50 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127120699","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
User-Centered Design of Visualizations for Software Vulnerability Reports 以用户为中心的软件漏洞报告可视化设计
2021 IEEE Symposium on Visualization for Cyber Security (VizSec) Pub Date : 2021-10-01 DOI: 10.1109/VizSec53666.2021.00013
S. L. Reynolds, Tobias Mertz, Steven Arzt, J. Kohlhammer
{"title":"User-Centered Design of Visualizations for Software Vulnerability Reports","authors":"S. L. Reynolds, Tobias Mertz, Steven Arzt, J. Kohlhammer","doi":"10.1109/VizSec53666.2021.00013","DOIUrl":"https://doi.org/10.1109/VizSec53666.2021.00013","url":null,"abstract":"Today’s software systems are created by software development processes that naturally include mistakes, some of which can be exploited by attackers and are therefore called vulnerabilities. Automatic software scanners enable developers to analyze their applications to detect vulnerabilities and alert them of their presence. But often these reports are hard to understand, include false positives or overwhelm users due to the sheer number of alerts, since a report may contain hundreds to thousands of vulnerabilities. Developers must undergo a process called vulnerability triage to find the relevant vulnerabilities to fix. This paper presents two interactive visualizations for developers and security experts to gain an overview of the security state of their application. Users can see the distribution of vulnerabilities, find the most relevant ones, and compare differences between application versions. Our visualization design is inspired by an initial preliminary study and has been evaluated by domain experts to investigate the usability and appropriateness.","PeriodicalId":183519,"journal":{"name":"2021 IEEE Symposium on Visualization for Cyber Security (VizSec)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129873568","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 3
AI Total: Analyzing Security ML Models with Imperfect Data in Production AI Total:分析生产中不完美数据的安全ML模型
2021 IEEE Symposium on Visualization for Cyber Security (VizSec) Pub Date : 2021-10-01 DOI: 10.1109/VizSec53666.2021.00006
Awalin Sopan, Konstantin Berlin
{"title":"AI Total: Analyzing Security ML Models with Imperfect Data in Production","authors":"Awalin Sopan, Konstantin Berlin","doi":"10.1109/VizSec53666.2021.00006","DOIUrl":"https://doi.org/10.1109/VizSec53666.2021.00006","url":null,"abstract":"Development of new machine learning models is typically done on manually curated data sets, making them unsuitable for evaluating the models’ performance during operations, where the evaluation needs to be performed automatically on incoming streams of new data. Unfortunately, pure reliance on a fully automatic pipeline for monitoring model performance makes it difficult to understand if any observed performance issues are due to model performance, pipeline issues, emerging data distribution biases, or some combination of the above. With this in mind, we developed a web-based visualization system that allows the users to quickly gather headline performance numbers while maintaining confidence that the underlying data pipeline is functioning properly. It also enables the users to immediately observe the root cause of an issue when something goes wrong. We introduce a novel way to analyze performance under data issues using a data coverage equalizer. We describe the various modifications and additional plots, filters, and drill-downs that we added on top of the standard evaluation metrics typically tracked in machine learning (ML) applications, and walk through some real world examples that proved valuable for introspecting our models.","PeriodicalId":183519,"journal":{"name":"2021 IEEE Symposium on Visualization for Cyber Security (VizSec)","volume":"28 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125440501","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Developing Visualisations to Enhance an Insider Threat Product: A Case Study 开发可视化以增强内部威胁产品:案例研究
2021 IEEE Symposium on Visualization for Cyber Security (VizSec) Pub Date : 2021-09-17 DOI: 10.1109/VizSec53666.2021.00011
Martin Graham, R. Kukla, O. Mandrychenko, D. Hart, J. Kennedy
{"title":"Developing Visualisations to Enhance an Insider Threat Product: A Case Study","authors":"Martin Graham, R. Kukla, O. Mandrychenko, D. Hart, J. Kennedy","doi":"10.1109/VizSec53666.2021.00011","DOIUrl":"https://doi.org/10.1109/VizSec53666.2021.00011","url":null,"abstract":"This paper describes the process of developing data visualisations to enhance a commercial software platform for combating insider threat, whose existing UI, while perfectly functional, was limited in its ability to allow analysts to easily spot the patterns and outliers that visualisation naturally reveals. We describe the design and development process, proceeding from initial tasks/requirements gathering, understanding the platform’s data formats, the rationale behind the visualisations’ design, and then refining the prototype through gathering feedback from representative domain experts who are also current users of the software. Through a number of example scenarios, we show that the visualisation can support the identified tasks and aid analysts in discovering and understanding potentially risky insider activity within a large user base.","PeriodicalId":183519,"journal":{"name":"2021 IEEE Symposium on Visualization for Cyber Security (VizSec)","volume":"83 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-09-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122289912","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
VulnEx: Exploring Open-Source Software Vulnerabilities in Large Development Organizations to Understand Risk Exposure VulnEx:探索大型开发组织中的开源软件漏洞以了解风险暴露
2021 IEEE Symposium on Visualization for Cyber Security (VizSec) Pub Date : 2021-08-13 DOI: 10.1109/VizSec53666.2021.00014
Frederik L. Dennig, E. Cakmak, H. Plate, D. Keim
{"title":"VulnEx: Exploring Open-Source Software Vulnerabilities in Large Development Organizations to Understand Risk Exposure","authors":"Frederik L. Dennig, E. Cakmak, H. Plate, D. Keim","doi":"10.1109/VizSec53666.2021.00014","DOIUrl":"https://doi.org/10.1109/VizSec53666.2021.00014","url":null,"abstract":"The prevalent usage of open-source software (OSS) has led to an increased interest in resolving potential third-party security risks by fixing common vulnerabilities and exposures (CVEs). However, even with automated code analysis tools in place, security analysts often lack the means to obtain an overview of vulnerable OSS reuse in large software organizations. In this design study, we propose VULNEX (Vulnerability Explorer), a tool to audit entire software development organizations. We introduce three complementary table based representations to identify and assess vulnerability exposures due to OSS, which we designed in collaboration with security analysts. The presented tool allows examining problematic projects and applications (repositories), third-party libraries, and vulnerabilities across a software organization. We show the applicability of our tool through a use case and preliminary expert feedback.","PeriodicalId":183519,"journal":{"name":"2021 IEEE Symposium on Visualization for Cyber Security (VizSec)","volume":"14 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-08-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132610083","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术官方微信