VizAttack: An extensible open-source visualization framework for cyberattacks

Abstract

Visualization of cyberattacks is gaining popularity as an intuitive technique to present attack data, without overwhelming the average user. However, a security analyst needs to be presented with advanced features, allowing the correlation of the collected data in order to yield interesting findings about the attack methodology itself and utilize the newly acquired knowledge to improve the security processes of an administrative domain. Meaningful cyber security situational awareness leverages security management as it provides the global security state of the administrative domain that allows for informed decision-making on security matters. This chapter presents VizAttack, an extensible, open-source visualization framework for data generated by various security technologies. Not only it integrates and visualizes data from heterogeneous security data sources in a single framework, but it also reconstructs the steps followed during an attack execution. Furthermore, VizAttack supports on-demand queries that are constructed on the fly during the investigation of these attack profiles.