Publications

Refine Results

(Filters Applied) Clear All

Tagged As

Collaborative Data Analysis and Discovery for Cyber Security

June 22, 2016
  |
Conference Paper
Author:
Diane P. Staheli
Published in:
Proceedings of the 12th Symposium on Usable Privacy and Security (SOUPS 2016)
Topic:
visualization
R&D area:
R&D group:

Summary

In this paper, we present the Cyber Analyst Real-Time Integrated Notebook Application (CARINA). CARINA is a collaborative investigation system that aids in decision making by co-locating the analysis environment with centralized cyber data sources, and providing next generation analysts with increased visibility to the work of others.
READ LESS

Summary

In this paper, we present the Cyber Analyst Real-Time Integrated Notebook Application (CARINA). CARINA is a collaborative investigation system that aids in decision making by co-locating the analysis environment with centralized cyber data sources, and providing next generation analysts with increased visibility to the work of others.

READ MORE
Collaborative Data Analysis and Discovery for Cyber Security

BubbleNet: A Cyber Security Dashboard for Visualizing Patterns

June 6, 2016
  |
Conference Paper
Author:
Sean P. McKenna
Published in:
Proceeding of 2016 Eurographics Conference on Visualization (EuroVis)
Topic:
visualization
R&D area:
R&D group:

Summary

The field of cyber security is faced with ever-expanding amounts of data and a constant barrage of cyber attacks. Within this space, we have designed BubbleNet as a cyber security dashboard to help network analysts identify and summarize patterns within the data.
READ LESS

Summary

The field of cyber security is faced with ever-expanding amounts of data and a constant barrage of cyber attacks. Within this space, we have designed BubbleNet as a cyber security dashboard to help network analysts identify and summarize patterns within the data.

READ MORE
BubbleNet: A Cyber Security Dashboard for Visualizing Patterns

Cloudbreak: answering the challenges of cyber command and control

January 1, 2016
  |
Journal Article
Author:
Diane P. Staheli
Published in:
Lincoln Laboratory Journal, Vol. 22, No. 1, 2016, pp. 60-73.
Topic:
visualization
R&D area:
R&D group:

Summary

Lincoln Laboratory's flexible, user-centered framework for the development of command-and-control systems allows the rapid prototyping of new system capabilities. This methodology, Cloudbreak, effectively supports the insertion of new capabilities into existing systems and fosters user acceptance of new tools.
READ LESS

Summary

Lincoln Laboratory's flexible, user-centered framework for the development of command-and-control systems allows the rapid prototyping of new system capabilities. This methodology, Cloudbreak, effectively supports the insertion of new capabilities into existing systems and fosters user acceptance of new tools.

READ MORE
Cloudbreak: answering the challenges of cyber command and control

Unlocking user-centered design methods for building cyber security visualizations(3.93 MB)

October 26, 2015
  |
Conference Paper
Author:
Sean P. McKenna
Published in:
Proceedings of 2015 IEEE Symposium on Visualization for Cyber Security (VizSec)
Topic:
visualization
R&D area:
R&D group:

Summary

User-centered design can aid visualization designers to build better, more practical tools that meet the needs of cyber security users. In this paper, we discuss three design methods and illustrate how each method informed two real-world cyber security visualization projects which resulted in successful deployments to users.
READ LESS

Summary

User-centered design can aid visualization designers to build better, more practical tools that meet the needs of cyber security users. In this paper, we discuss three design methods and illustrate how each method informed two real-world cyber security visualization projects which resulted in successful deployments to users.

READ MORE
Unlocking user-centered design methods for building cyber security visualizations

VAST Challenge 2015: Mayhem at Dinofun World(757.94 KB)

October 25, 2015
  |
Conference Paper
Author:
Mark Whiting
Published in:
Proceedings of 2015 IEEE Conference on Visual Analytics Science and Technology (VAST)
Topic:
visualization
R&D area:
R&D group:

Summary

A fictitious amusement park and a larger-than-life hometown football hero provided participants in the VAST Challenge 2015 with an engaging yet complex storyline and setting in which to analyze movement and communication patterns.
READ LESS

Summary

A fictitious amusement park and a larger-than-life hometown football hero provided participants in the VAST Challenge 2015 with an engaging yet complex storyline and setting in which to analyze movement and communication patterns.

READ MORE
VAST Challenge 2015: Mayhem at Dinofun World

Global pattern search at scale

April 14, 2015
  |
Conference Paper
Author:
Ryan Jordan Crouser
Published in:
IEEE Int. Symp. on Technologies for Homeland Security, 14-16 April 2015.
Topic:
big data
R&D area:
R&D group:

Summary

In recent years, data collection has far outpaced the tools for data analysis in the area of non-traditional GEOINT analysis. Traditional tools are designed to analyze small-scale numerical data, but there are few good interactive tools for processing large amounts of unstructured data such as raw text. In addition to the complexities of data processing, presenting the data in a way that is meaningful to the end user poses another challenge. In our work, we focused on analyzing a corpus of 35,000 news articles and creating an interactive geovisualization tool to reveal patterns to human analysts. Our comprehensive tool, Global Pattern Search at Scale (GPSS), addresses three major problems in data analysis: free text analysis, high volumes of data, and interactive visualization. GPSS uses an Accumulo database for high-volume data storage, and a matrix of word counts and event detection algorithms to process the free text. For visualization, the tool displays an interactive web application to the user, featuring a map overlaid with document clusters and events, search and filtering options, a timeline, and a word cloud. In addition, the GPSS tool can be easily adapted to process and understand other large free-text datasets.
READ LESS

Summary

In recent years, data collection has far outpaced the tools for data analysis in the area of non-traditional GEOINT analysis. Traditional tools are designed to analyze small-scale numerical data, but there are few good interactive tools for processing large amounts of unstructured data such as raw text. In addition to...

READ MORE
Global pattern search at scale

Visualization evaluation for cyber security: trends and future directions(1.22 MB)

November 10, 2014
  |
Conference Paper
Author:
Diane P. Staheli
Published in:
Proceedings of the Eleventh Workshop on Visualization for Cyber Security
Topic:
visualization
R&D area:
R&D group:

Summary

The Visualization for Cyber Security research community (VizSec) addresses longstanding challenges in cyber security by adapting and evaluating information visualization techniques with application to the cyber security domain. In this paper, we survey and categorize the evaluation metrics, components, and techniques that have been utilized in the past decade of VizSec research literature.
READ LESS

Summary

The Visualization for Cyber Security research community (VizSec) addresses longstanding challenges in cyber security by adapting and evaluating information visualization techniques with application to the cyber security domain. In this paper, we survey and categorize the evaluation metrics, components, and techniques that have been utilized in the past decade of...

READ MORE
Visualization evaluation for cyber security: trends and future directions

Sparse volterra systems: theory and practice

May 25, 2013
  |
Conference Paper
Author:
Andrew K. Bolstad
Published in:
Proc. IEEE Int. Conf. on Acoustics, Speech and Signal Processing, ICASSP, 25-31 May 2013.
Topic:
signal processing
R&D area:
R&D group:

Summary

Nonlinear effects limit analog circuit performance, causing both in-band and out-of-band distortion. The classical Volterra series provides an accurate model of many nonlinear systems, but the number of parameters grows extremely quickly as the memory depth and polynomial order are increased. Recently, concepts from compressed sensing have been applied to nonlinear system modeling in order to address this issue. This work investigates the theory and practice of applying compressed sensing techniques to nonlinear system identification under the constraints of typical radio frequency (RF) laboratories. The main theoretical result shows that these techniques are capable of identifying sparse Memory Polynomials using only single-tone training signals rather than pseudorandom noise. Empirical results using laboratory measurements of an RF receiver show that sparse Generalized Memory Polynomials can also be recovered from two-tone signals.
READ LESS

Summary

Nonlinear effects limit analog circuit performance, causing both in-band and out-of-band distortion. The classical Volterra series provides an accurate model of many nonlinear systems, but the number of parameters grows extremely quickly as the memory depth and polynomial order are increased. Recently, concepts from compressed sensing have been applied to...

READ MORE
Sparse volterra systems: theory and practice

An interactive attack graph cascade and reachability display

October 29, 2007
  |
Conference Paper
Author:
Leevar C. Williams
Published in:
VizSEC 2007, Proc. of the Workshop on Visualization for Computer Security, 29 October 2007, pp. 221-236.
Topic:
attack graphs
R&D area:
R&D group:

Summary

Attack graphs for large enterprise networks improve security by revealing critical paths used by adversaries to capture network assets. Even with simplification, current attack graph displays are complex and difficult to relate to the underlying physical networks. We have developed a new interactive tool intended to provide a simplified and more intuitive understanding of key weaknesses discovered by attack graph analysis. Separate treemaps are used to display host groups in each subnet and hosts within each treemap are grouped based on reachability, attacker privilege level, and prerequisites. Users position subnets themselves to reflect their own intuitive grasp of network topology. Users can also single-step the attack graph to successively add edges that cascade to show how attackers progress through a network and learn what vulnerabilities or trust relationships allow critical steps. Finally, an integrated reachability display demonstrates how filtering devices affect host-to-host network reachability and influence attacker actions. This display scales to networks with thousands of hosts and many subnets. Rapid interactivity has been achieved because of an efficient C++ computation engine (a program named NetSPA) that performs attack graph and reachability computations, while a Java application manages the display and user interface.
READ LESS

Summary

Attack graphs for large enterprise networks improve security by revealing critical paths used by adversaries to capture network assets. Even with simplification, current attack graph displays are complex and difficult to relate to the underlying physical networks. We have developed a new interactive tool intended to provide a simplified and...

READ MORE
An interactive attack graph cascade and reachability display
1-9 of 9