CISSE Working Group Outcomes - Security Visualization Challenges

At the CISSE 2009 conference, we held a workshop on Security Visualization, during which we identified a number of research problems associated with security visualization. You can find them listed below. Tomorrow, we will identify use-cases for security visualization. If you have any use-cases that you want us to consider, comment on here!

Security Visualization Research Problems


Important Realization: Visualization is generally an add-on to a specific problem or task. This dilutes the research community, since there are data visualizations of many different areas of interest.

Data Acquisition

  • Data normalization: aggregation, filter, and augmentation. Common formats are needed that span the requirements.

  • Accessing data (transport problems)

  • Data security issues (confidentiality, integrity)

  • Context collection

  • Real-time processing (collection and visualization)

  • Data disposal / destruction

  • What to do with missing data / gaps?

  • “Cleaning” data

Visual Representations

  • Time series representations instead of snap-shots

  • Are three-dimensional / interactive visualizations more intuitive / easier to use than, for example, a set of two dimensional representations?
  • Education of Expert Witnesses: how to present scientific data and explain visualizations in terms that are understandable by juries, prosecutors, and judges

  • The challenge of transitioning data into evidence is an on-going problem. The starting point is raw data, which is then transformed into a visual representation, which is then contextually interpreted as information. There are many issues with this process, including appropriate representation of actual or relational time sequence and the provability of the linkage between the raw data and the interpreted information.

  • Photo classification: A challenge is the emerging area of photo-realistic cartoons or imagined figures, which are getting so life-like that they are crossing the boundary from good to evil when used inappropriately.

  • Extremely large data set analyses, focusing on making them faster while maintaining accuracy

  • Integration of many variables into a useful visualization, where many means 4 or more variables.

Visual Interpretations

  • “Bridging the Gap”: creating visualizations that are intuitively interpretable by non-trained people. This implies needed integration of knowledge from the fields of sociology, cultural anthropology, learning theory, neuroscience, psychology, disability amelioration, etc.

  • Understanding visual representations: interpreting actual meaning from the visualization can be challenging. Research into how to make this more intuitive is needed, as is research in how to best educate analysts. Additionally, better human-interpretable visualizations are needed.

  • Visualization as an accelerator of identification of anomaly judgment (OK versus Not OK)

  • Interpretative visualization tools

  • Enable a better interpretation of complexities in relationships and interactions in data sets.

Overall Problems

  • Scientific validation of tools (Type 1 and Type 2 error rates; perhaps tool certification as being built with “pure” software, perhaps Common Criteria type certification)

  • Need to create an inter-disciplinary community of visualization researchers that talk to each other and share methods so that the wheel does not need to re-invented between communities

Use-Cases?

Hi,

Will you be posting use cases from this meeting? These would be most helpful to me. I'm more of a vis guy dabbling in security than the other way around. I'm developing a tool (and/or extending existing tools) to incorporate a lot of established research (that seems to be neglected in many current offerings) and am identifying requirements, e.g. how are these tools used, how do people want to use them, are there current gaps in functionality, what are the sore points? This article was very interesting to me for this reason. Any recommendations on where else to look for such info?