
Publication


Featured research published by Evgenia Novikova.


parallel, distributed and network-based processing | 2013

Analytical Visualization Techniques for Security Information and Event Management

Evgenia Novikova; Igor V. Kotenko

The paper proposes the architecture of the visualization component for a Security Information and Event Management (SIEM) system. SIEM systems help to comprehend large amounts of security data. Visualization is an essential part of SIEM systems. The suggested architecture of the visualization component allows incorporating different visualization technologies and easily extending the application functionality. To illustrate the approach, we developed a prototype of the SIEM visualization component. The paper demonstrates the graphical user interface of the attack modeling component. To increase the efficiency of the visualization techniques, we applied principles of human information perception and interaction when designing graphical components.


availability, reliability and security | 2014

Visualization of Security Metrics for Cyber Situation Awareness

Igor V. Kotenko; Evgenia Novikova

One of the important directions of research in situational awareness is the implementation of visual analytics techniques which can be efficiently applied when working with big security data in critical operational domains. The paper considers a visual analytics technique for displaying a set of security metrics used to assess overall network security status and evaluate the efficiency of protection mechanisms. The technique can assist in solving security tasks which are important for security information and event management (SIEM) systems. The suggested approach is suitable for displaying security metrics of large networks and supports historical analysis of the data. To demonstrate and evaluate the usefulness of the proposed technique, we implemented a use case corresponding to the Olympic Games scenario.


availability, reliability and security | 2013

VisSecAnalyzer: A Visual Analytics Tool for Network Security Assessment

Igor V. Kotenko; Evgenia Novikova

Visualization is an essential part of Security Information and Event Management (SIEM) systems. The paper suggests a common framework for SIEM visualization which allows incorporating different visualization technologies and easily extending the application functionality. To illustrate the framework, we developed a SIEM visualization component, VisSecAnalyzer. The paper demonstrates its possibilities for the tasks of attack modeling and security assessment. To increase the efficiency of the visualization techniques, we applied the principles of human information perception and interaction.


2017 International Conference "Quality Management, Transport and Information Security, Information Technologies" (IT&QM&IS) | 2017

Towards visual analytics tasks for the security information and event management

Evgenia Novikova; Yana A. Bekeneva; Andrey Shorov

Visual analytics is an actively developing multidisciplinary research area which can be successfully used in the field of information security management. Visual analytics techniques are used to monitor the information security level of an information system and to form the situation awareness of the security officer. However, there are still some open issues in visual analytics tasks to be considered. This paper presents the main challenges existing in this area and proposes possible solutions to these challenges.


soft computing | 2016

Network traffic processing module for infrastructure attacks detection in cloud computing platforms

Andrey V. Smirnov; Konstantin Borisenko; Andrey Shorov; Evgenia Novikova

The paper presents the results of the design and implementation of a network data processing module for the security component protecting the OpenStack cloud computing platform against DDoS attacks. The module processes network traffic that is both internal and external relative to the cloud infrastructure, and thus enables the security component to detect DDoS attacks whose sources can be located inside or outside the cloud infrastructure. The paper also presents the results of the module load testing, which shows that the developed module is able to process volumes of network traffic exceeding the power of modern DDoS attacks.


industrial conference on data mining | 2016

DDoS Attacks Detection in Cloud Computing Using Data Mining Techniques

Konstantin Borisenko; Andrey V. Smirnov; Evgenia Novikova; Andrey Shorov

Cloud computing platforms are developing fast nowadays. Due to their increasing complexity, hackers have more and more opportunities to attack them successfully. In this paper, we present an approach for detecting internal and external DDoS attacks in cloud computing using data mining techniques. The main features of the cloud security component that implements the suggested approach are the ability to detect both types of DDoS attacks and the use of data mining techniques. The component prototype is implemented in the OpenStack cloud computing platform. The paper presents the results of the experiments with different types of DDoS attacks.


availability, reliability and security | 2014

Visual Analytics for Detecting Anomalous Activity in Mobile Money Transfer Services

Evgenia Novikova; Igor V. Kotenko

Mobile money transfer services (MMTS) are currently being deployed in many markets across the world and are widely used for domestic and international remittances. However, they can be used for money laundering and other illegal financial operations. The paper considers an interactive multi-view approach that allows describing metaphorically the behavior of MMTS subscribers according to their transaction activities. The suggested visual representation of the MMTS users' behavior, based on the RadViz visualization technique, helps to identify groups with similar behavior and outliers. We describe several case studies corresponding to money laundering and behavioral fraud. They are used to assess the efficiency of the proposed approach as well as to present and discuss the results of experiments.


IF&GIS | 2014

Dynamical Attack Simulation for Security Information and Event Management

Igor V. Kotenko; Andrey Shorov; Andrey Chechulin; Evgenia Novikova

The chapter considers a simulation-based approach to analysis of network resilience to botnet attacks in security information and event management (SIEM) systems, which can be applied to distributed geographic information systems (GISs). On the other hand, SIEM systems can use GIS technology for network awareness, taking into account the geographical location of hosts and network segments. To be able to protect the network against botnet attacks, it is necessary to investigate the processes occurring on all stages of the botnet lifecycle (propagation, control, and attack). The suggested approach can detect the critical nodes in the network, as well as determine and evaluate the protection mechanisms against botnet attacks. We propose the architecture of the dynamic attack simulation component (DASC) and describe its interaction with other SIEM components. The component prototype is presented and results of the implemented experiments are discussed.


mathematical methods, models, and architectures for network security systems | 2017

Visualization-Driven Approach to Anomaly Detection in the Movement of Critical Infrastructure

Evgenia Novikova; Ivan N. Murenin

Detection of anomalies in employees' movement represents an area of considerable interest for cyber-physical security applications. In the paper, a visual analytics approach to the detection of spatiotemporal patterns and anomalies in organization staff movement is proposed. The key elements of the approach are interactive self-organizing maps used to detect groups of employees with similar behavior and a heat map applied to detect anomalies. They are supported by a set of interactive interconnected visual models aimed at presenting spatial and temporal route patterns. We demonstrate our approach with an application to the VAST MiniChallenge-2 2016 data set, which describes the movement of employees within an organization's building.


2017 IEEE II International Conference on Control in Technical Systems (CTS) | 2017

Principles of designing distributed data flow control systems with high resistance to malicious actions

Yana A. Bekeneva; Evgenia Novikova; Andrey Shorov

Nowadays, one of the most important tasks in the field of network technologies is to ensure the security of data transmission, processing and storage. In this paper, the idea of a new approach to the design of a distributed system for managing data flows and protecting computer networks from harmful effects is proposed. The main principles of this approach are considered, problems are set, and ways of solving them are suggested. The tasks for the further development stage of the described distributed computer network protection system are determined.

Collaboration


Dive into Evgenia Novikova's collaboration.

Top Co-Authors

Igor V. Kotenko

Naval Postgraduate School

Andrey Chechulin

Russian Academy of Sciences

Andrey Shorov

Saint Petersburg State Electrotechnical University
