Cybercopters Swarm: Immersive analytics for alerts classification based on periodic data

This paper assesses the usefulness of an interactive and navigable 3D environment to help decision-making in cybersecurity. Malware programs frequently emit periodic signals in network logs; however, normal periodical network activities, such as software updates and data collection activities, mask them. Thus, if automatic systems use periodicity to successfully detect malware, they also detect ordinary activities as suspicious ones and raise false positives. Hence, there is a need to provide tools to sort the alerts raised by such software. Data visualizations can make it easier to categorize these alerts, as proven by previous research. However, traditional visualization tools can struggle to display a large amount of data that needs to be treated in cybersecurity in a clear way. In response, this paper explores the use of Immersive Analytics to interact with complex dataset representations and collect cues for alert classification. We created a prototype that uses a helical representation to underline periodicity in the distribution of one variable of a dataset. We tested this prototype in an alert triage scenario and compared it with a state-of-the-art 2D visualization with regard to the visualization efficiency, usability, workload, and flow induced

Cybersécurité en réalité virtuelle : améliorer le processus de détection d’intrusion, d’investigation et de décision via l’utilisation de techniques de visualisations 3D immersives

In this thesis, we examined how virtual reality could contribute to assisting operators in cyber operation centers who are responsible for processing a large number of alerts within tight deadlines. To sort through these alerts, operators compare the behavior of the monitored system with its nominal behavior and must correlate numerous and diverse data. The 2D tools they currently have do not provide effective visualizations. They are limited by their difficulty in correlating data between multiple visualizations, and in representing the evolution of a system’s behavior over time. Therefore, we created a 3D visualization concept that overcomes these limitations. We developed an immersive prototype based on this concept, which we evaluated compared to 2D visualizations. The results show greater efficiency of our prototype in processing complex data, while allowing increased user engagement at the cost of additional physical effort and the inability to interact with traditional 2D tools in the virtual environment. We thus devised a concept for an immersive cybersecurity environment that enables the use of 3D visualizations while having access to conventional cybersecurity tools. We demonstrated that all the necessary software components for its realization are available and have begun combining them to create a limited but functional prototype.Dans cette thèse, nous avons examiné comment la réalité virtuelle pouvait contribuer à aider les opérateurs des centres d’opération cyber qui sont chargés de traiter un grand nombre d’alertes dans des délais restreints. Pour trier ces alertes, les opérateurs comparent le comportement du système surveillé avec son comportement nominal et doivent corréler des données nombreuses et variées. Les outils 2D dont ils disposent actuellement ne fournissent pas de visualisations efficaces. Celles-ci sont limitées par leurs difficultés à corréler des données entre plusieurs visualisations, et à représenter l’évolution du comportement d’un système au fil du temps. Nous avons donc créé un concept de visualisation 3D qui permet de dépasser ces limitations. Nous avons développé un prototype immersif basé sur ce concept que nous avons évalué par rapport à des visualisations 2D. Les résultats montrent une plus grande efficacité de notre prototype pour traiter des données complexes, tout en permettant engagement accru des utilisateurs au prix d’un effort physique supplémentaire et de l’impossibilité d’interagir avec des outils 2D classiques dans l’environnement virtuel. Nous avons donc élaboré un concept d’environnement immersif pour la cybersécurité qui permet d’utiliser des visualisations 3D tout en ayant accès à des outils classiques de cybersécurité. Nous avons démontré que sa réalisation est possible et avons commencé à créer un prototype limité mais fonctionnel

CyberCopter: a 3D helical visualisation for periodic signals of cyber attacks

International audienceThis paper aims to assess the usefulness of 3D interactive interfaces to display periodic signals in a network. Past research has shown that data visualization simplifies alert classification drawn by periodicity-based Intrusion Detection Systems. However, 2D visualizations have limitations such as screen space availability. This is why we created CyberCopter, a prototype that uses a 3D helical representation to highlight periodic patterns in a dataset. We tested CyberCopter usability and efficiency in a fraud detection scenario. It scored 77 on the SUS questionnaire which demonstrates acceptable usability

Video1_Cybercopters Swarm: Immersive analytics for alerts classification based on periodic data.mp4

This paper assesses the usefulness of an interactive and navigable 3D environment to help decision-making in cybersecurity. Malware programs frequently emit periodic signals in network logs; however, normal periodical network activities, such as software updates and data collection activities, mask them. Thus, if automatic systems use periodicity to successfully detect malware, they also detect ordinary activities as suspicious ones and raise false positives. Hence, there is a need to provide tools to sort the alerts raised by such software. Data visualizations can make it easier to categorize these alerts, as proven by previous research. However, traditional visualization tools can struggle to display a large amount of data that needs to be treated in cybersecurity in a clear way. In response, this paper explores the use of Immersive Analytics to interact with complex dataset representations and collect cues for alert classification. We created a prototype that uses a helical representation to underline periodicity in the distribution of one variable of a dataset. We tested this prototype in an alert triage scenario and compared it with a state-of-the-art 2D visualization with regard to the visualization efficiency, usability, workload, and flow induced.</p

Studying the Effects of Visual Movement on Creativity

Many studies have shown that physical activity, especially walking, tends to stimulate certain cognitive functions, including divergent creativity. The objective of this study was to understand whether some of this gain comes from the perception of movement, and not merely physical activity itself. 32 participants carried out divergent and convergent creativity tasks in a virtual reality environment consisting of a train inside a tunnel, while wearing a HeadMounted-Display (HMD). For half of the participants, the virtual train was running, and they could therefore see tunnel lamps passing by through the windows. For the other half, the train was stationary. The results of this study indicate that participants perform better at tasks that require divergent creativity when the virtual environment is moving than when it is at a standstill. These results lead to recommendations for the design of tools and environments for meetings and creativity workshops