Cybercopters Swarm: Immersive analytics for alerts classification based on periodic data
This paper assesses the usefulness of an interactive and navigable 3D environment to help decision-making in cybersecurity. Malware programs frequently emit periodic signals in network logs; however, normal periodical network activities, such as software updates and data collection activities, mask...
Main Authors: | Nicolas Delcombel, Thierry Duval, Marc-Oliver Pahl |
---|---|
Format: | Article |
Language: | English |
Published: | Frontiers Media S.A., 2023-04-01 |
Series: | Frontiers in Virtual Reality |
Subjects: | immersive analytics; cybersecurity; periodic signals; virtual reality; alarm classification |
Online Access: | https://www.frontiersin.org/articles/10.3389/frvir.2023.1156656/full |
_version_ | 1797847598968602624 |
---|---|
author | Nicolas Delcombel; Thierry Duval; Marc-Oliver Pahl |
author_sort | Nicolas Delcombel |
collection | DOAJ |
description | This paper assesses the usefulness of an interactive and navigable 3D environment to help decision-making in cybersecurity. Malware programs frequently emit periodic signals in network logs; however, normal periodical network activities, such as software updates and data collection activities, mask them. Thus, if automatic systems use periodicity to successfully detect malware, they also detect ordinary activities as suspicious ones and raise false positives. Hence, there is a need to provide tools to sort the alerts raised by such software. Data visualizations can make it easier to categorize these alerts, as proven by previous research. However, traditional visualization tools can struggle to display a large amount of data that needs to be treated in cybersecurity in a clear way. In response, this paper explores the use of Immersive Analytics to interact with complex dataset representations and collect cues for alert classification. We created a prototype that uses a helical representation to underline periodicity in the distribution of one variable of a dataset. We tested this prototype in an alert triage scenario and compared it with a state-of-the-art 2D visualization with regard to the visualization efficiency, usability, workload, and flow induced. |
first_indexed | 2024-04-09T18:14:03Z |
format | Article |
id | doaj.art-f45b19ff8d364cf9be1613298546f7ca |
institution | Directory Open Access Journal |
issn | 2673-4192 |
language | English |
last_indexed | 2024-04-09T18:14:03Z |
publishDate | 2023-04-01 |
publisher | Frontiers Media S.A. |
record_format | Article |
series | Frontiers in Virtual Reality |
spelling | doaj.art-f45b19ff8d364cf9be1613298546f7ca; 2023-04-13T08:48:42Z; eng; Frontiers Media S.A.; Frontiers in Virtual Reality; 2673-4192; 2023-04-01; 4; 10.3389/frvir.2023.1156656; 1156656; Cybercopters Swarm: Immersive analytics for alerts classification based on periodic data; Nicolas Delcombel [0]; Thierry Duval [1]; Marc-Oliver Pahl [2]; [0] Lab-STICC, UMR CNRS 6285, IMT Atlantique, Brest, France; [1] Lab-STICC, UMR CNRS 6285, IMT Atlantique, Brest, France; [2] Institut de Recherche en Informatique et Systèmes Aléatoires (IRISA), UMR CNRS 6074, IMT Atlantique, Cesson-Sévigné, France; This paper assesses the usefulness of an interactive and navigable 3D environment to help decision-making in cybersecurity. Malware programs frequently emit periodic signals in network logs; however, normal periodical network activities, such as software updates and data collection activities, mask them. Thus, if automatic systems use periodicity to successfully detect malware, they also detect ordinary activities as suspicious ones and raise false positives. Hence, there is a need to provide tools to sort the alerts raised by such software. Data visualizations can make it easier to categorize these alerts, as proven by previous research. However, traditional visualization tools can struggle to display a large amount of data that needs to be treated in cybersecurity in a clear way. In response, this paper explores the use of Immersive Analytics to interact with complex dataset representations and collect cues for alert classification. We created a prototype that uses a helical representation to underline periodicity in the distribution of one variable of a dataset. We tested this prototype in an alert triage scenario and compared it with a state-of-the-art 2D visualization with regard to the visualization efficiency, usability, workload, and flow induced.; https://www.frontiersin.org/articles/10.3389/frvir.2023.1156656/full; immersive analytics; cybersecurity; periodic signals; virtual reality; alarm classification |
title | Cybercopters Swarm: Immersive analytics for alerts classification based on periodic data |
topic | immersive analytics; cybersecurity; periodic signals; virtual reality; alarm classification |
url | https://www.frontiersin.org/articles/10.3389/frvir.2023.1156656/full |