Dimensionality reduction (DR) methods are commonly used for analyzing and visualizing
multidimensional data. However, when data is a live streaming feed, conventional DR …

Network traffic log data is a key data source for forensic analysis of cybersecurity incidents.
Packet Captures (PCAPs) are the raw information directly gathered from the network device …

Network forensics is based on the analysis of network traffic. Traffic analysis is a routine
procedure, but it allows one to not only identify the cause of the security breach, but also …

Real-time situation awareness is a key challenge of cybersecurity defense. Visual analytics
has been utilized for this purpose, but existing tools tend to require detailed knowledge …

Malware frequently leaves periodic signals in network logs, but these signals are easily
drowned out by non-malicious periodic network activity, such as software updates and other …

Cyber security visualization is becoming a hot research field. Visualization and interactive
analysis can greatly help network managers and analysts monitor network, detect …

In this paper, we present our design study on develo** an interactive visual firewall log
analysis system in collaboration with an IT service provider. We describe the human …

With the continuous development and improvement of Software-Defined Networking (SDN),
large-scale networks are divided into multiple domains. Each domain, which is managed by …

This paper describes a situation awareness framework, Frankenstack, that is the result of a
multi-faceted endeavor to enhance the expertise of cybersecurity specialists by providing …

Cyber Defense Exercises have received much attention in recent years, and are
increasingly becoming the cornerstone for ensuring readiness in this new domain. Crossed …