d7.1.3 final dissemination report - cordis...tasks: t7.1: vis-sense knowledge dissemination (led by...

SEVENTH FRAMEWORK PROGRAMMEArea ICT-2009.1.4 (Trustworthy ICT)

Visual Analytic Representation of Large Datasetsfor Enhancing Network Security

D7.1.3 Final dissemination report

Contract No. FP7-ICT-257495-VIS-SENSE

Workpackage WP7 – Dissemination / ExploitationAuthor CERTH/ITIVersion 1Date of delivery M38Actual Date of Delivery M38Dissemination level PublicResponsible CERTH/ITIData included from CERTH/ITI, UKON, IT, SYM, EUR, IGD

The research leading to these results has received funding from the European Community’sSeventh Framework Programme (FP7/2007-2013) under grant agreement n°257495.

SEVENTH FRAMEWORK PROGRAMMEArea ICT-2009.1.4 (Trustworthy ICT)

The VIS-SENSE Consortium consists of:

Fraunhofer IGD Project coordinator GermanyInstitut Eurecom FranceInstitut Telecom FranceCentre for Research and Technology Hellas GreeceSymantec Ltd. IrelandUniversitat Konstanz Germany

Contact information:Dr Jorn KohlhammerFraunhofer IGDFraunhoferstraße 564283 DarmstadtGermany

e-mail: [email protected]: +49 6151 155 646

[email protected]

Contents

1 Introduction 61.1 Purpose of this Document . . . . . . . . . . . . . . . . . . . . . . . . . . . 61.2 Deliverable Structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

2 Dissemination Material 82.1 VIS-SENSE Leaflets and Banner . . . . . . . . . . . . . . . . . . . . . . . 82.2 Website . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

3 Accomplished Dissemination Activities 183.1 Dissemination channels and Target groups . . . . . . . . . . . . . . . . . . 183.2 List of Dissemination Activities . . . . . . . . . . . . . . . . . . . . . . . . 20

3.2.1 Participation in International Fairs/Exhibitions . . . . . . . . . . . 213.2.2 Paper Presentation in Conferences/Workshops/Symposia . . . . . 233.2.3 Paper Publications in Journals . . . . . . . . . . . . . . . . . . . . 313.2.4 Publication of non-scientific material . . . . . . . . . . . . . . . . . 333.2.5 Participation in Security Events . . . . . . . . . . . . . . . . . . . 343.2.6 Guest Presentations . . . . . . . . . . . . . . . . . . . . . . . . . . 353.2.7 Educational activities . . . . . . . . . . . . . . . . . . . . . . . . . 36

4 Conclusions 40

3

Abstract

This report provides a detailed analysis of all the heterogeneous dissemination activ-ities that have been realized by each VIS-SENSE partner separately or by the consor-tium as a whole, during the project’s third year, in reference to the pivotal dissemina-tion plan and strategy that was defined in the initial dissemination report (Deliverable7.1.1). Specifically, the activities are grouped with respect to the utilized communicationchancels, as well as the groups targeted by each channel. The utilized communicationchances include, but are not limited to: submissions of scientific papers in Conferences/-Workshops/Journals, participation in security events, participation in exhibitions, in-vited presentations, and educational activities.

The revised project flyer is described here, together with the banner developed for thepresentation of VIS-SENSE at exhibitions. This material will also be used for dissemi-nation purposes after the project is finished.

Furthermore, this deliverable also includes descriptions of the relevant updates to theproject website. These updates include a revised presentation of the project publications,a new section containing images, videos and interactive demos as well as the addition ofa significant number of project deliverables. The website has been enhanced to continuethe communication of the VIS-SENSE results to the general public after the conclusionof the project.

1 Introduction

1.1 Purpose of this Document

As it is outlined in the VIS-SENSE Description of Work (DoW), the aim of WP7 Dis-semination / Exploitation, is to identify and deploy the most efficient dissemination andexploitation activities, so as to achieve the following objectives:

1. To bring VIS-SENSE results closer to all interested parties from relevant scientificareas, business and market fields, social cultural and political/legalisation author-ities.

2. To monitor regulatory and standardization activities directly related to the re-search work, in order to assure the overall viability and coherence of the projectresults.

3. To effectively disseminate the outcomes of the research work and build an overallstrategy for the exploitation of results.

4. To ensure a world visibility of the project at a minimal cost

Towards the efficient accomplishments of these goals, the WP7 is divided into fourTasks: T7.1: VIS-SENSE knowledge dissemination (led by CERTH/ITI), T7.2: Dissem-ination material production (led by FhG/IGD), T7.3: Networking and standardization(led by FhG/IGD) and T7.4: Networking and standardization (led FhG/IGD). Specif-ically, this manuscript is part of T7.1, which has as a main purpose the define thepivotal dissemination strategy that will encompass the selection and implementation ofthe most appropriate dissemination activities throughout the project’s duration, so asto accommodate the WP7 objectives listed above. The dissemination strategies andactivities employed by the VIS-SENSE consortium for the total duration of the projectare documented into three deliverables: Deliverable 7.1.1 - Initial Dissemination Report(submitted in month 12), Deliverable 7.1.2 - Intermediate Dissemination Report (sub-mitted in month 24) and Deliverable 7.1.3 - Final Dissemination Report (submitted inmonth 38).

6

1.2 Deliverable Structure

Being more specific, Deliverable 7.1.1, described the exploitation plan, while Deliver-ables 7.1.2 and 7.1.3 presented its application in the second and third year respectively.Particularly, this manuscript includes all the dissemination activities that have been car-ried out during the third year of VIS-SENSE. It should be noted that the accomplisheddissemination activities target a large variety of groups, including scientific (researchers,academia) and business (end-users, industry) community, as well as to the respectivepolicy-makers. Furthermore, since VIS-SENSE combines two different technologicalfields, i.e. information visualization and network security, audience from both areasmust be attracted. Thus, the dissemination channels that the VIS-SENSE consortiumutilized, address both the information visualization and the Internet security sector, aswell as multi-disciplinary approaches.

1.2 Deliverable Structure

The deliverable is organized as follows.Chapter 1 introduces the deliverable, defines its scope and structure.Chapter 2 presents the VIS-SENSE dissemination material, focussing on the revised

VIS-SENSE flyer, the VIS-SENSE banner and the changes made to the website in thefinal project year.

Chapter 3 provides a detailed list of the communication channels, and target groups,that are involved in the dissemination activities accomplished during the third yearof the project. Furthermore, this section also includes a complete list of the exactdissemination activities accomplished in the third and final year, along with additionalinformation regarding the utilized communication channels and target groups for eachactivity.

Finally, in Chapter 4 concludes this deliverable.

FP7-ICT-257495-VIS-SENSE 7

2 Dissemination Material

In this chapter, the work on dissemination material (leaflets and banner) produced forexhibitions, workshops and conferences will be briefly described. In addition, the mod-ifications to the website for the optimal outward representation of VIS-SENSE results.The banner, the leaflets and the website all make use of a similar style, colour and imagesin order to establish and maintain a visual identity for the project.

2.1 VIS-SENSE Leaflets and Banner

As reported in deliverable D7.1.2 Intermediate Dissemination Report, the first VIS-SENSE leaflets were designed by the Fraunhofer IGD PR department. These weredelivered in time for the CeBIT trade fair in Germany (March 2012). They were alsodistributed at numerous subsequent events, including the FIA conference in Aalborg(May 2012), the VisWeek conference in Atlanta (October 2012), and the 2013 CeBITtrade fair in Germany (March 2013).

For the final dissemination activities of the project an update of the leaflets was carriedout. The Fraunhofer IGD PR department modified the contents of the original leafletsto reflect the state of the project. In particular, the focus was laid on describing theexploitable results of the project and how they could benefit their target groups. It alsoincluded commentary on the success stories of the project. The layout of the leaflets wasvery similar to the first design.

The revised VIS-SENSE leaflets were printed in A4 format with typical folds for leafletsof this nature. The front and back views of the leaflets are shown in Figures 2.1 and 2.2.The leaflets were distributed at the Vis 2013 exhibition in Atlanta, Georgia (October2013) and at the ICT 2013 exhibition in Vilnius (November). In addition, the remainingleaflets were distributed to the partners for continuing dissemination activities after theend of the project.

Together with the VIS-SENSE leaflets, a VIS-SENSE banner was also designed bythe Fraunhofer IGD PR department. The banner contained a number of keywords toattract attention to the project’s exhibition stands at Vis 2013 and ICT 2013. It willbe retained by Fraunhofer IGD after the project and shown at appropriate internaland external events in order to increase awareness and visibility of the project after its

8

2.1 VIS-SENSE Leaflets and Banner

VIS

UA

L A

NA

LYTI

CS

FOR

EN

HA

NC

ED N

ETW

OR

K S

ECU

RIT

Y

DE

TE

CT

ION

OF

AB

NO

RM

AL

NE

TW

OR

K B

EH

AV

IOU

R,

AT

TAC

K A

TT

RIB

UT

ION

A

ND

BO

RD

ER

GA

TE

WA

Y P

RO

TO

CO

L A

NA

LYS

IS

CO

OR

DIN

ATO

R:

Dr.

Jö

rn K

oh

lham

mer

Frau

nhof

er IG

D

Frau

nhof

erst

rass

e 5

6428

3 D

arm

stad

t

Ger

man

y

E-m

ail:

joer

n.ko

hlha

mm

er@

igd.

frau

nhof

er.d

e

Phon

e: +

49 6

151

155-

646

Fax:

+49

615

1 15

5-13

9

Web

site

: ww

w.v

is-s

ense

.eu

PAR

TNER

S:

CO

NTA

CT

Inte

rnet

Th

reat

Lan

dsc

ape:

A v

arie

ty o

f da

ta s

ets

have

been

col

lect

ed a

nd a

naly

sed

to e

xplo

re t

he d

istr

ibut

ion

of

mal

war

e, t

he g

row

th o

f bo

tnet

s an

d th

e ev

olut

ion

of s

pam

cam

paig

ns. T

he V

IS-S

ENSE

fra

mew

ork

com

bine

s ad

vanc

ed

data

min

ing

tech

niqu

es w

ith in

nova

tive

visu

aliz

atio

ns t

o pr

o-

vide

ana

lyst

s w

ith in

sigh

ts in

to t

he w

hole

“Sp

am L

ifecy

cle”

.

New

str

ateg

ies

for

mal

war

e pr

opag

atio

n co

uld

be id

entifi

ed

alon

g w

ith in

stan

ces

of b

otne

t co

oper

atio

n in

the

for

m o

f

“out

sour

cing

”.

Oth

er C

ase

Stu

die

s: T

he f

ollo

win

g le

ss in

clus

ive

case

stu

-

dies

hav

e be

en c

ondu

cted

usi

ng t

he V

IS-S

ENSE

fra

mew

ork:

•

Ana

lysi

s of

dat

a co

llect

ed b

y in

trus

ion

dete

ctio

n sy

stem

s

to

aut

omat

ical

ly fi

nd a

nd c

hara

cter

ise

com

mon

intr

usio

n

pa

tter

ns a

nd u

se t

hese

to

prov

ide

situ

atio

n aw

aren

ess.

•

Ana

lysi

s of

logi

n pr

oced

ures

to

char

acte

rise

susp

icio

us o

r

un

auth

oris

ed a

cces

s to

use

r ac

coun

ts.

•

Ana

lysi

s of

SSL

cer

tifi c

ate

hier

arch

ies

deriv

ed f

rom

a s

can

of

the

Inte

rnet

for

the

det

ectio

n of

ano

mal

ies.

Figure 2.1: The front view of the revised VIS-SENSE leaflet



The

VIS

-SEN

SE f

ram

ewor

k is

a s

uite

of

visu

aliz

atio

n an

d da

ta-

min

ing

tech

nolo

gies

whi

ch a

ims

to p

rovi

de v

isua

l ana

lytic

s

for

enha

nced

cyb

er s

ecur

ity. B

y co

mbi

ning

the

str

engt

hs o

f

peop

le a

nd c

ompu

ters

the

iden

tifi c

atio

n of

sus

pici

ous

actio

ns

in la

rge

netw

orks

can

be

impr

oved

.

The

VIS

-SEN

SE f

ram

ewor

k ha

s be

en a

pplie

d to

app

licat

ion

area

s ra

ngin

g fr

om n

etw

ork

info

rmat

ion

secu

rity

and

atta

ck

attr

ibut

ion

to a

ttac

k pr

edic

tion

and

the

dete

ctio

n of

BG

P hi

-

jack

ing.

It a

ddre

sses

bot

h th

e ta

ctic

al (m

onito

ring

in r

eal t

ime)

and

stra

tegi

c (lo

ng t

erm

) asp

ects

of

secu

rity.

The

VIS

-SEN

SE f

ram

ewor

k is

the

res

ult

of a

n EU

-fun

ded,

fo-

cuse

d re

sear

ch p

roje

ct in

volv

ing

six

expe

rienc

ed p

artn

ers

from

rese

arch

and

indu

stry

. The

fra

mew

ork

was

con

ceiv

ed a

nd b

uilt

by s

ome

of t

he le

adin

g re

sear

cher

s in

the

fi el

ds o

f vi

sual

ana

-

lytic

s an

d ne

twor

k se

curit

y. It

inco

rpor

ates

the

nex

t ge

nera

ti-

on o

f to

ols

to e

nabl

e th

e in

tera

ctiv

e m

inin

g an

d vi

sual

izat

ion

of la

rge

secu

rity-

rele

vant

dat

a se

ts.

TAR

GET

GR

OU

PS

Tele

com

mu

nic

atio

ns

op

erat

ors

an

d IS

Ps:

The

VIS

-SEN

SE

fram

ewor

k ad

dres

ses

BGP

hija

ckin

g an

d at

tack

att

ribut

ion.

The

rapi

d id

entifi

cat

ion

of m

alic

ious

tra

ffi c

is im

port

ant

for

the

prot

ectio

n of

cus

tom

er n

etw

orks

. The

abi

lity

to w

arn

cust

omer

s ab

out

poss

ible

BG

P hi

jack

ings

wou

ld e

nabl

e

them

to

reac

t qu

ickl

y.

Secu

rity

so

ftw

are

com

pan

ies:

The

VIS

-SEN

SE f

ram

ewor

k

enab

les

thre

at a

nd m

alw

are

anal

ysts

to

iden

tify

crim

inal

cam

paig

ns in

mas

sive

am

ount

s al

erts

. The

str

ateg

ic a

naly

sis

of t

he t

hrea

t la

ndsc

ape

impr

oves

the

ir un

ders

tand

ing

of t

he

mod

us o

pera

ndi o

f at

tack

ers

and

its e

volu

tion

over

tim

e.

Co

mp

ute

r Em

erg

ency

Res

po

nse

Tea

ms

(CER

Ts):

Both

the

tac

tical

and

str

ateg

ic a

naly

sis

of s

ecur

ity d

ata

sets

play

a r

ole

in C

ERT

wor

k. T

he V

IS-S

ENSE

fra

mew

ork

help

s

them

to

resp

ond

mor

e ef

fect

ivel

y to

sec

urity

inci

dent

s bu

t

also

to

rem

ain

info

rmed

of

chan

ges

in t

he a

ttac

k ph

enom

e-

na t

hey

are

mon

itorin

g.

Secu

rity

res

earc

her

s:

Besi

des

usin

g an

d te

stin

g th

e V

IS-S

ENSE

fra

mew

ork

with

thei

r ow

n da

ta s

ets,

res

earc

hers

will

be

inte

rest

ed in

impr

o-

DE

TE

CT

ION

OF

AB

NO

RM

AL

NE

TW

OR

K B

EH

AV

IOU

R,

AT

TAC

K A

TT

RIB

UT

ION

A

ND

BO

RD

ER

GA

TE

WA

Y P

RO

TO

CO

L A

NA

LYS

IS

EXTE

NSI

BLE

, SC

ALA

BLE

V

ISU

AL

AN

ALY

TIC

S

ving

and

ext

endi

ng t

he f

ram

ewor

k w

ith n

ew v

isua

lizat

ions

and

data

-min

ing

mod

ules

.

CA

SE S

TUD

IES

BG

P: R

aw ro

utin

g in

form

atio

n ha

s be

en c

olle

cted

fro

m a

serie

s of

BG

P va

ntag

e po

ints

and

ana

lyse

d. T

he V

IS-S

ENSE

fram

ewor

k en

able

s th

e de

tect

ion

and

inve

stig

atio

n of

rout

ing

anom

alie

s an

d of

pos

sibl

e BG

P hi

jack

s. A

var

iety

of

mea

sure

s ar

e co

rrel

ated

to

redu

ce t

he n

umbe

r of

fal

se p

osi-

tives

. The

for

war

ding

pat

hs a

t th

e IP

and

AS

leve

ls t

owar

ds

spec

ifi c

susp

icio

us IP

add

ress

es o

r ne

twor

ks h

ave

been

mon

i-

tore

d. W

hen

enric

hed

with

BG

P ro

utin

g in

form

atio

n, ro

utin

g

anom

alie

s an

d po

ssib

le B

GP

hija

cks

coul

d be

mon

itore

d in

both

the

dat

a pl

ane

(IP) a

nd t

he c

ontr

ol p

lane

(BG

P).

Figure 2.2: The back view of the revised VIS-SENSE leaflet

10 SEVENTH FRAMEWORK PROGRAMME

2.2 Website

conclusion.

The banner has a format of 85cm x 200cm, is self-supporting and rolls up into aneasily transportable box, which also serves as its base. In image of the banner at theVis 2013 exhibition is shown in Figure 2.3

2.2 Website

The public section of the VIS-SENSE website was relaunched, also based on a design bythe Fraunhofer IGD PR department, in the second year of the project. The new designmore accurately reflected the goals and outcomes of the project and represented a highquality dissemination channel. The VIS-SENSE website was initially described in D7.2- VIS-SENSE Public and Private Website and VIS-SENSE Logo and in D8.1 - ProjectReference Manual and Quality Plan. The first version of the website was covered ingreat detail in D7.1.1 - Initial Dissemination Report. The second version of the websitewas described in D7.1.2 - Intermediate Dissemination Report

The updates made to the website in the third year are described in this section. Thefollowing domain names were registered for the VIS-SENSE project:

www.vis-sense.eu and www.vissense.eu

The VIS-SENSE website is reachable via both of these URLs. However, the primaryURL selected for the project website is http://www.vis-sense.eu/. The VIS-SENSEwebsite is hosted by Fraunhofer IGD.

The public section of the VIS-SENSE website has been created to showcase the projectresults and make activities related to the project publicly available. The structure of thewebsite aims to provide easily accessible information without hiding important detailsfrom the visitors. The home page contains a simple representation of the project and itsgoals. Eye-catching screen shots of VIS-SENSE modules are placed on the home page asthey become available during the course of the project. A Link to an interactive onlinedemo is also featured on the home page. Figure 2.4 shows the current homepage of theVIS-SENSE website.

One major changes was made to the website in the third year of the project. Thepresentation of the VIS-SENSE publications was made more usable and navigable. Thepublications are shown in an interactively sortable and searchable table. For visitorsinterested in the details of a publication, the abstract can be shown on demand. Inaddition, every entry in the table also provides access to a DOI link to the publicationitself. The new publications section of the VIS-SENSE website is shown in Figure 2.5.



Figure 2.3: The VIS-SENSE banner on display at the VIS 2013 exhibition in Atlanta,Georgia


2.2 Website

Figure 2.4: The current homepage of the VIS-SENSE website



Figure 2.5: The current publications page of the VIS-SENSE website


2.2 Website

A second major change will made to the website at the end of the project. Thiswill be the replacement of the News section by the Media section of the website (SeeFigure 2.4). The media section was deemed more important than the news section forthe dissemination goals of the project after its conclusion. In addition, a lot of videos,demos and screen shots were created for the exhibitions at the end of the project. Theconsortium felt that it would be a good idea to include this material on the projectwebsite. The new media section of the VIS-SENSE website is shown in Figure 2.6.

The media section will have the following subsections:

Images provides access to collections of screen shots for many of the visualization com-ponents created during the VIS-SENSE project. The collections of screen shotseach contain detailed descriptions of their contents to ensure that visitors canunderstand them.

Videos provides access to videos showing screen casts of visualization components. Thevideos were created for the exhibitions at Vis 2013 and ICT 2013. They containdetailed interaction sequences and speech bubbles explaining them.

Demos A small number of online demos were created during the course of the project.These will be made available or hosted via the project website. The existing TriageWeb Graphs demo will be expanded to include new examples.

The existing Visualization entries in the Results section of the website will be moved tothe new Demos section.

To increase the visibility of the project results, a number of restricted deliverables weremade public by the consortium. Many of the deliverable chapters contain subsequentlypublished material. Thus a small revision was made to some of these documents to ensurethat the papers and not the deliverables are cited when their content is referenced. Thefollowing previously restricted deliverables have been added to the project website:

• D3.1 Specifications of the Network Analytics Algorithms

• D3.2 Correlation Analysis and Abnormal Event Detection Module

• D3.3 Attack Attribution Module

• D4.1 Visual Network Analysis Module

• D4.2 Visual Correlation Analysis Module

• D4.3 Visual Analysis System for Interactive Scalable Analysis



Figure 2.6: The new media section of the VIS-SENSE website


2.2 Website

In addition, the remaining public deliverables have also been added to the website.These are as follows:

• D6.1 Threat Landscape Identification Scenario

• D6.2 BGP Analysis Scenario

• D6.3 VIS-SENSE Framework Evaluation

• D7.1.2 Intermediate Dissemination Report

• D7.1.3 Final Dissemination Report

• D7.4 Report on Standardisation Efforts

The total number of VIS-SENSE deliverables available online is now 18 out of a totalof 29 deliverables. The public summary of the project (the first chapter of D8.4 ProjectFinal Report) will also be added to the website once it has been completed.


3 Accomplished Dissemination Activities

3.1 Dissemination channels and Target groups

According to the VIS-SENSE dissemination strategy, which is described in full detailin Deliverable 7.1.1 - “Initial Dissemination Report”, a great variety of disseminationobjectives has been identified and targeted in the duration of the VIS-SENSE project.To begin with, one of the main objectives was to disseminate the project concept, visionand the novel methods that will be developed to the widest possible academic, indus-trial audience, as well as interested stakeholders. By doing so, the public awareness andacceptance of new and emerging techniques against cybercrime is raised, a fact whichenhances Internet security in the users’ working and home environment. In addition tothese objectives, an additional target was to acquire feedback from experts from all thescientific fields that are related to the VIS-SENSE work, i.e. Information Communica-tions Technology (ICT), Internet Security and Information Visualization. This inboundfeedback allows the VIS-SENSE consortium to take advantage of any fruitful commentsfor the refinement of the ongoing research and development activities as well as to ac-quire a reliable validation of the produced results and assess their acceptance by theacademic and industrial community.

Towards this end, a wide variety of bidirectional communication channels have beenutilized by the VIS-SENSE consortium during the third year of the project:

• Presentation of scientific papers in international, well-reputed confer-ences/workshops/symposia. The results of the proposed solutions, as well asthe technical details, are disseminated using this channel. The papers are after-wards publicly available through the conference proceedings, a fact which greatlyenhances the dissemination procedure. It must be noted that the papers’ accep-tance can be a straightforward indicator of unbiased evaluation of the VIS-SENSEaccomplishments in the corresponding technological fields.

• Publication of scientific papers in international journals. Paper publica-tions in journals provide a more extensive insight to the methodologies and tech-niques introduced in the context of VIS-SENSE. Again, as it was underlined inthe case of conference publications, the acceptance of papers in journals can be

18

3.1 Dissemination channels and Target groups

interpreted as a method of evaluation and assessment of the impact of VIS-SENSEto the network security domain.

• Publication of non-scientific material. The consortium has also achieved anumber of non-scientific publications in online and print media. These publicationswere written by professional journalists on the basis of interviews with VIS-SENSEparticipants. They are aimed at the general public, but also at business peopleworking the the security domain.

• Guest Presentations. This communication channel involves the presentation ofVIS-SENSE goals and results to invited guests. It enables the consortium to raiseawareness about VIS-SENSE in a targeted fashion. Generally, the focus is on thebig picture, rather than on technical details.

• Participation in international fairs and exhibitions in the area of infor-mation technology. These events provide the opportunity to increase awarenessof VIS-SENSE not only in industry, but also among the general public.

• Participation in Security events. These events allow for the exchange of re-search ideas and knowledge between researchers and experts. They also provide adirect communication with the European policy makers.

• Bachelor/Master/PhD theses. The provision of bachelor/Master/PhD theseson the technological field of VIS-SENSE, allows for the dissemination of the projectapproaches to the respective academic institutions, utilizing the educational pro-cedures.

The aforementioned communication channels have been adequately chosen in order toaccommodate the exchange of knowledge with the main dissemination target groups:

• End users. This group refers to network security analysts engaged in the mon-itoring, detection and study of Internet threats from different positions, such as:i) Internet Service Providers (ISPs), ii) network administrators of large organiza-tions, iii) Internet security companies, iv) Internet administrative authorities, e.g.Internet Routing Registries (IRRs), v) Internet security researchers.

• Industry. This group refers to both producers and consumers of network securityproducts. The main goal is to promote and position the VIS-SENSE innovations,in terms of new techniques and approaches against cyber-attacks, and thus, lever-age the VIS-SENSE approaches to a successful commercial solution. Hence, the



establishment of connections with the Internet security industry as well as with thetelecommunication players, facilitates the impact of VIS-SENSE on the relevantbusiness and market areas.

• Researchers. This group refers to audience from both the visual analytics andnetwork security communities. These communities could utilize the VIS-SENSEplatform for the benefits of their studies on network security. Furthermore, theycould provide valuable feedback regarding the principles, quality and influence ofthe VIS-SENSE accomplishments.

• Legislative/Regulatory bodies. This group refers specifically to those involvedin network security policy generation and law enforcement. The main goal is toinform the public legislative authorities about the new security solutions employedby VIS-SENSE, and how these solutions could be used to improve the overallInternet security.

• Academia. The research and development results of the VIS-SENSE project canbe utilized by academic institutions for educational purposes, since they providesignificant contribution to cutting-edge technological issues of profound scientificinterest. Thus, the VIS-SENSE knowledge can be used by educational institutionsfor the purpose of enriching the material of the courses, or even create new, whileit can also form the basis of bachelor, master and PhD theses.

• Other European projects. The transfer of knowledge and experience withinthe whole set of the European projects in overlapping fields is a primary requisiteof the VIS-SENSE dissemination activities, so as to enhance the required unity ofthe European research taskforce and increase the scientific impact of VIS-SENSE.

• The interested public. Given the profound proliferation of Internet concerningall the aspects of everyday life, any issues and findings related to Internet securityraise the majority of the public interest, including individuals that are not directlyinvolved in the affected sectors.

3.2 List of Dissemination Activities

This section presents a detailed description of the exact dissemination activities that havebeen accomplished by VIS-SENSE partners, during the third year of the project. Thedescribed activities are categorized according to the utilized communication channels.Furthermore, information is provided with respect to the composition of the audience in



each activity, in reference to the target groups that have been identified by VIS-SENSE.Moreover, for ease of reading, a list of the third year dissemination activities is providedin Tables 3.1 and 3.2, where the dissemination activities are grouped by partners’ nameand then sorted chronologically.

3.2.1 Participation in International Fairs/Exhibitions

Participation in the CeBIT exhibition. The VIS-SENSE research and developmentresults were presented during the exhibition “Centrum fur Beroautomation, Informa-tionstechnologie und Telekommunikation (CeBIT) 2013 ”, which was organized by theDeutsche Messe AG. The presentation of the VIS-SENSE project was realized throughthe IGD stand and it entailed the demonstration of software tools that have been devel-oped for the purposes of the VIS-SENSE project. It should be mentioned that CeBIT isconsidered as the world’s largest exhibition in the field of information technology, whileit is also considered as the exhibition with the most international attributes in this field,in terms of both the participating exhibitors and the visitors. It is indicatively notedthat the CeBIT 2013 exhibition entailed approximately 280.000 visitors.

• Location: Hannover, Germany

• Date: March, 5-9, 2013

• Partner Involved: IGD

• Level: International

• Audience: End-users, Industry, Researchers, Academia, Interested Public

Participation in the VisWeek 2012 exhibition. The VIS-SENSE research and devel-opment results were presented in the VisWeek 2012 exhibition, which is part of theVisWeek conference. This exhibition is organized by the “IEEE Computer Society Vi-sualization and Graphics Technical Committee”. The presentation of the VIS-SENSEproject was realized by means of videos and interactive demos, while project flyers werealso distributed. It should be noted that the VisWeek conference has more than 1000attendants.

• Location: Seattle, WA, USA

• Date: October, 16-18, 2012






Participation in the ICT 2013 exhibition. The VIS-SENSE research and developmentresults were successfully presented during the exhibition “Information CommunicationsTechnology (ICT) 2013 ”, which was organized by the European Commission. The pre-sentation of the VIS-SENSE project was realized through a VIS-SENSE stand and itentailed the demonstration of software tools that have been developed for the purposesof the VIS-SENSE project. It should be noted that the approximate number of visitorsfor this exhibition is around 4,500.

• Location: Vilnius, Lithuania

• Date: November, 6-8, 2013

• Partner Involved: IGD, Symantec, UKON

• Level: European


Participation in the Vis 2013 exhibition. The VIS-SENSE research and developmentresults were presented in the Vis 2013 exhibition, which is part of the Vis 2013 confer-ence (formerly known as VisWeek). This exhibition is organized by the “IEEE ComputerSociety Visualization and Graphics Technical Committee”. The presentation stand en-tailed videos and interactive demos, while project flyers were also distributed. It shouldbe noted that Vis 2013 had more than 900 participants.

• Location: Atlanta, GA, USA

• Date: October, 15-17, 2013






3.2.2 Paper Presentation in Conferences/Workshops/Symposia

Paper presentation at the “International Symposium on Computer and InformationSciences”. The paper “A Novel Unsupervised Method for Securing BGP against Rout-ing Hijacks”, which is written by G. Theodoridis, O. Tsigkas and D. Tzovaras, waspresented at the “27th International Symposium on Computer and Information Sciences(ISCIS 2012)” [8]. In this paper, a BGP hijack detection mechanism is introduced thatis developed upon the extraction of two novel features related to the frequency of appear-ance and the geographic deviation of each intermediate AS towards a given destinationcountry. Moreover, the technique is tested under a real-world case of BGP hijack andthe efficiency of the features and the corresponding proximity measures is assessed. Itis proven that the proposed approach is capable of decisively capturing such events ofmalicious routing path anomalies. It is worth noting that the work included in thispaper has been carried out completely within the VIS-SENSE framework and it hasbeen documented in the corresponding deliverables. ISCIS 2012 is a refereed conferenceand its proceedings are published by Springer in a special issue of the Lecture Notes inElectrical Engineering (LNEE) series.

• Location: Paris, France

• Date: October, 3-4, 2012

• Partner Involved: CERTH/ITI


• Audience: End-users, Industry, Researchers, Academia

Paper presentation at the “IEEE Symposium on Visual Analytics Science and Tech-nology”. The paper “BANKSAFE: A Visual Situational Awareness Tool for Large-Scale Computer Networks”, written by F. Fischer, J. Fuchs, F. Mansmann and D. A.Keim, was presented at the “IEEE Symposium on Visual Analytics Science and Technol-ogy 2012 (VAST Challenge 2012)”, which is organized within the framework of VisWeek2012 [2]. According to this paper, given the reliance of businesses, public institutionsand individuals on large computer networks, maintaining their security becomes essentialto ensure integrity. Thus, in order to achieve situational awareness, the BANKSAFEframework is developed, which is a scalable, distributed and web-based visualizationsystem to analyze health monitoring data and security datasets. It must be underlinedthat the aforementioned study, which entails research and development work carried out



within the VIS-SENSE project, won the “VAST 2012 Challenge Award: Outstandingcomprehensive submission, including multiple vizes”.


• Date: October, 15, 2012

• Partner Involved: UKON



Paper presentation at the “Symposium on Visualization for Cyber Security”. Thepaper “VisTracer: A Visual Analytics Tool to Investigate Routing Anomalies in Tracer-outes”, which is written by F. Fischer, J. Fuchs, P.-A. Vervier, F. Mansmann and O.Thonnard, was presented at the “9th Symposium on Visualization for Cyber Security(VizSec 2012)” [5]. The VisTracer is a visual analytics tool, which represents analysisresults that are acquired through the implementation of anomaly detection algorithmson large traceroute data sets. To this end, several scalable representations are introducedin order to support the analyst to explore, identify and analyze suspicious events andtheir relations to malicious activities. It must be underlined that VisTracer has evolvedfrom the efficient integration of the network analytics methodologies that have been de-veloped by SYM with the visualization approaches proposed by UKON for the particularpurposes of BGP anomaly detection, as pursued within the VIS-SENSE framework. Asfar as VizSec 2012 is concerned, it must be unerlined that it is an refereed conferencethat raises international scientific interest and taskforce in the specific area of security-related visualizations. Hence, it is an excellent, if not unique, opportunity to addressthe VIS-SENSE concept and innovations to experts of this multi-disciplinary domain.Moreover, it worth noting that VizSec will be held in conjunction with VisWeek 2012,which is considered as one of the most prestigious events in the field of visualizationtechnologies, allowing the VIS-SENSE project to be communicated to stakeholders fromthe whole range of the visualization domain to exchange their experience and knowledge.



• Partner Involved: UKON, SYM





Paper presentation at the “Symposium on Visualization for Cyber Security”. Thepaper “Visual Spam Campaigns Analysis Using Abstract Graphs Representation”, whichis written by O. Tsigkas, O. Thonnard and D. Tzovaras, was presented at the “9th

Symposium on Visualization for Cyber Security (VizSec 2012)” [17]. This work presentsa visual analytics tool introducing a new kind of graph visualization that exploits thenodes’ degree to provide a simplified and more abstract, yet accurate, representation ofthe most important elements of a security data set and their inter-relationships. Theproposed visualization technique is designed to address two primary shortcomings ofexisting graph visualization techniques: scalability of visualization and comprehensibilityof results. In this respect, the main goal of the presented visual analytics tool is toprovide security analysts with an effective way to reason interactively about variousattack phenomena orchestrated by cyber criminals. The use of the tool is demonstratedon a large corpus of spam emails, by visualizing spam campaigns performed by spambotnets. In particular, the analysis is focused on spam sent in March 2011 to understandthe impact of the Rustock takedown on the botnet ecosystem. This paper, which presentsresearch and development work that has been included in the VIS-SENSE deliverables,combines both network analytics and visualization analysis into an efficient integratedvisual analytics approach.



• Partner Involved: CERTH/ITI, SYM



Paper presentation at the “International Conference on Mathematical Methods,Models, and Architectures for Computer Network Security”. The paper “Limita-tion of Honeypot/Honeynet Databases to Enhance Alert Correlation”, which is writtenby Y. B. Mustapha, H. Debar and G. Jacob, was presented at the “6th InternationalConference on Mathematical Methods, Models, and Architectures for Computer NetworkSecurity (MMM-ACNS 2012)” [12]. This paper explores four honeypot databases thatcollect information about malware propagation and security information about web-based server role, including also the data gathered through the VIS-SENSE honeynetinfrastructure. Based on this information an evaluation of the exploitation of thesedatabases is performed regarding the correlation of local alerts with global knowledge,



which also refers to the correlation analysis of network threats that is performed withinthe VIS-SENSE framework. MMM-ACNS 2012 is a refereed conference and its pro-ceedings are published by Springer in a special issue of the Computer CommunicationNetworks and Telecommunications subseries of the Lecture Notes in Computer Science(LNCS).

• Location: St. Petersburg, Russia

• Date: October, 17-20, 2012

• Partner Involved: IT



Paper presentation at the “Annual Computer Security Applications Conference”.The paper “One Year of SSL Internet Measurement”, which is written by O. Levillain,A. Ebalard, B. Morin and H. Debar, was presented at the “2012 Annual Computer Se-curity Applications Conference (ACSAC 2012)” [11]. This research activity is directlyconnected to the VIS-SENSE use case “visualization of the Internet threat landscape”.The impact of bad certificates on web threats has risen since the beginning of VIS-SENSE, with a set of security incidents and cryptography-related issues (e.g. the breakof the Microsoft authentication code mechanism by the FLAME malware). The possibledeployment of bad certificate to lure users, and the systematic analysis of this informa-tion, provides useful data to complement HARMUR. ACSAC 2012 is an internationalrefereed conference.

• Location: Orlando, FL, USA

• Date: December, 3-7, 2012

• Partner Involved: IT





Paper presentation at the “International Conference on Cryptology and Network Se-curity”. The paper “Analysis of Rogue Antivirus Campaigns Using Hidden Structuresin k-partite Graphs”, which is written by O. Tsigkas and D. Tzovaras, was presented atthe “11th International Conference on Cryptology and Network Security (CANS 2012)”[18]. Among the various malicious activities of cyber-criminals, rogue security softwarecampaigns have evolved into one of the most lucrative criminal operations on the In-ternet. In this paper, a novel method is presented to analyze rogue security softwarecampaigns, by studying a number of different features that are related to their oper-ation. Contrary to existing data mining techniques for multivariate data, which aremostly based on the definition of appropriate proximity measures on a per-feature basisand data fusion techniques to combine per-feature mining results, the proposed techniquetakes advantage of the structural properties of the k-partite graph formed by consider-ing the natural interconnections between objects of different types. The results of theanalysis of rogue security software campaigns are further assessed by a visual analysistool and their accuracy is documented.

• Location: Darmstadt, Germany,

• Date: December 12-14, 2012




Paper presentation at the “IEEE International Traffic Monitoring and Analysis Work-shop 2013 (TMA)”. The paper “SpamTracer: How Stealthy Are Spammers?”, whichis written by Pierre-Antoine Vervier and Olivier Thonnard, was presented at the “5thIEEE International Traffic Monitoring and Analysis Workshop” [19]. This paper ex-amines the relationship between BGP hijacking and spam activity in the internet. Theproceedings of the IEEE International Traffic Monitoring and Analysis Workshop 2013were published by IEEE conference proceedings.

• Location: Turin, Italy

• Date: April 14-19, 2013

• Partner Involved: Symantec





Paper presentation at the “Conference on Human Factors in Computing Systems”.The paper “Evaluation of Alternative Glyph Designs for Time Series Data in a SmallMultiple Setting”[7], which is written by J. Fuchs, F. Fischer, F. Mansmann, E. Bertiniand P. Isenberg., was presented at the “Conference on Human Factors in ComputingSystems 2013 (CHI 2013)”. This paper presents the results of a controlled experimentto investigate the performance of different temporal glyph designs in a small multiplesetting. The results showed that depending on tasks and data density, the chosen glyphsperformed differently. It should be noted that this paper received a Honorable MentionAward from the organizers of the conference. The proceedings of the CHI 2013 areavailable by the ACM digital library.

• Location: Paris, France

• Date: May 1-2, 2013



• Comments: Honorable Mention Award


Paper presentation at the “13th German IT Security Congress”. The article “Vi-sual Analytics zur Firewall-Konfiguration und Analyse von Netzwerkverkehr” [4], whichis written by F. Fischer, J. Fuchs, F. Mansmann and D. A. Keim, was presented atthe “13th German IT Security Congress”, which is organized by the Federal Office forInformation Security. This article introduces the visual analytics approach and showcasetwo successful applications with novel visualization techniques for firewall configurationand network traffic analysis.

• Location: Bonn, Germany

• Date: May 14-16, 2013


• Level: National




Paper presentation at the “International Workshop on Cyber Crime (IWCC 2013)”.The paper “Inside the SCAM Jungle: A Closer Look at 419 Scam Email Operations”,which is written by Jelena Isacenkova, Olivier Thonnard, Andrei Costin, Davide Balzarotti,and Aurelien Francillon, was presented at the “International Workshop on Cyber Crime(IWCC 2013)”, which is co-located with the “34th IEEE Symposium on Security andPrivacy (IEEE S&P 2013)” [9]. This paper examines the Nigerian scam, which is a pop-ular form of fraud in which the fraudster tricks the victim into paying a certain amountof money under the promise of a future, larger payoff. The proceedings of the Inter-national Workshop on Cyber Crime (IWCC 2013) were published by IEEE conferenceproceedings.

• Location: San Francisco, CA, USA

• Date: May 24, 2013




Paper presentation at the “International Conference on Digital Signal Processing(DSP)”. The paper entitled “BGPViewer: Using Graph representations to exploreBGP routing changes”, which is written by S. Papadopoulos, K. Moustakas, and D.Tzovaras, has been presented at the “10th International Conference on Digital SignalProcessing (DSP 2013)” [13]. This paper examines the use of graph representation of theBGP activity, so as to detect and attribute BGP anomalies. It provides two graph view,the AS (Autonomous System) level and the Country level. The analytical potential ofthe proposed approach is demonstrated by detecting previously known BGP anomalies.

• Location: Santorini, Greece

• Date: July 1-3, 2013






Paper presentation at the “IEEE VIS 2013”. The paper “VACS: Visual AnalyticsSuite for Cyber Security - Visual Exploration of Cyber Security Datasets”, which iswritten by F. Fischer and D. A. Keim, was presented at the “VAST Challenge Work-shop at IEEE VIS 2013 ” [6]. The paper introduces a novel Visual Analytics Suite forCyber Security (VACS) to visually explore the given datasets using a combination ofdifferent visual representations. The main focus of the paper was to address the cybersecurity challenge of the VAST Challenge 2013. The proceedings of the VAST ChallengeWorkshop 2013 were published by IEEE conference proceedings.

• Location: Atlanta, USA

• Date: 13-18 Oct, 2013




Paper presentation at the “Symposium on Visualization for Cyber Security (VizSec)”.The paper entitled “BGPfuse: Using visual feature fusion for the detection and attri-bution of BGP anomalies” [14], which is written by S. Papadopoulos, G. Theodoridis,D. Tzovaras, has been presented at the “18th Symposium on Visualization for CyberSecurity (VizSec 2013)”, which is part of the Vis 2013 conference. This paper examinesthe use of visual feature fusion for the combination of multiple BGP features. The enduser is able to detect and attribute BGP anomalies that are characterized by multiplemetrics.

• Location: Atlanta, Georgia, USA

• Date: October 14, 2013



• Audience: End-users, Industry, Researchers, Academia, Authorities



3.2.3 Paper Publications in Journals

Paper publication at the “Security and Communication Networks”. The paper “Spam-mers Operations: A Multifaceted Strategic Analysis”, which is written by O. Thonnard,P.-A. Vervier and M. Dacier, was published at the Wiley, “Security and CommunicationNetworks” [16]. This paper explores several facets of spammers’ operations. First, theinterconnections between spam botnets that are used by spammers for sending unso-licited email in bulk through spam campaigns are investigated. Moreover, a conjectureabout the so-called “fly-by spammers”, i.e. or spammers hijacking unused IP space tosend spam in a stealthy way, is studied. Finally, focusing on a real use-case scenario,the impact of the Rustock takedown on the botnet ecosystem is examined through anin-depth analysis of real spam data.

• Date: October, 2012




Paper publication at the “IEEE Network Magazine”. The paper “Visual Analyticsfor BGP Monitoring and Prefix Hijacking Identification”, which is written by E. Bier-sack, Q. Jacquemart, F. Fischer, J. Fuchs, O. Thonnard, G. Theodoridis, D. Tzovaras,P.-A. Vervier, was published at the “IEEE Network Magazine - Special Issue on Com-puter Network Visualization” [1]. This paper provides a survey of the most prominentvisualization methods that have been developed for BGP monitoring, focusing on theparticular tools that have been designed for the identification of prefix hijacks. More-over, as one of the paper’s primary goals, it is illustrated how network visualizationhas the potential to assist an analyst in detecting abnormal routing patterns in massiveamounts of BGP data. Furthermore, an analysis of a real validated case of prefix hi-jacking is described thoroughly, along with a proposed combined network analytics andvisualization methodology for facilitating the detection and assessment of such BGPsecurity incidents. It is worth noting that this study encompasses significant part ofthe extensive research and development work that has been performed within the VIS-SENSE project (State-of-the-Art analysis, novel network analytics methodologies forefficient BGP anomaly discovery and novel visualization techniques for effective identi-fication of the voluminous data), in order to achieve the challenging task of enhancingBGP hijacking reliable detection and attribution.



• Date: November/December, 2012

• Partner Involved: EURECOM, UKON, Symantec, CERTH



Paper publication at the “Computer Communication Review Journal”. The paper“A forensic case study on as hijacking: the attacker’s perspective” [15], written bySchlamp, J., Carle, G. and Biersack, E.W., was published at the “ACM SIGCOMMComputer Communication Review Journal, Volume 43 Issue 2 ” on April 2013. This pa-per introduces a system which (i) identifies hijacks using BGP, traceroute and IRR dataand (ii) investigates traffic originating from the reported networks with spam and netflowdata. It also presents a real case where suspicious BGP announcements coincided withspam and web scam traffic from corresponding networks and shows that a correlationof suspicious routing events with malicious activities is insufficient to evidence harmfulBGP hijacks.

• Date: April, 2013

• Partner Involved: EURECOM



Paper publication at the “Information Visualization Journal”. The paper entitled“BANKSAFE: Visual analytics for big data in large-scale computer networks” [3], writ-ten by F. Fischer, J. Fuchs, F. Mansmann and D. A. Keim, was published at the “In-formation Visualization Journal” on June 2013. According to this paper, given thereliance of businesses, public institutions and individuals on large computer networks,maintaining their security becomes essential to ensure integrity. Thus, in order to achievesituational awareness, the BANKSAFE framework is developed, which is a scalable, dis-tributed and web-based visualization system to analyze health monitoring data andsecurity datasets. It must be underlined that the aforementioned study, which entailsresearch and development work carried out within the VIS-SENSE project, won the“VAST 2012 Challenge Award: Outstanding comprehensive submission”.

• Date: June, 2013






3.2.4 Publication of non-scientific material

Online article at “InnoVisions”. The article “Brille fur grobe Daten: Mit Visual An-alytics Sicherheitsfragen losen” (“Big-Data Spectacles: Solve Security Problems withVisual Analytics”)[21], written by Stephan Wengenroth, was published at the “Inno-Visions Journal” on March 2013. This paper examines the use of visual analytics toidentify network attack strategies and identify security-related events. The “InnoVisionsJournal” is distributed by means of a web magazine.

• Date: March, 2013


• Level: National

• Audience: End-users, Industry

Online article at “InnoVisions”. The article “Besserer Einblick ins Webgeschehen: Vi-sual Analytics macht Internetangriffe verstehbar” (“Improved Insights into Web-Events:Visual Analytics makes Internet Attacks understandable”)[20], written by Stephan Wen-genroth, was published at the “InnoVisions Journal” on May 2013. This paper examinesthe use of visual analytics tools, to support security experts by enabling them to iden-tify and comprehend the distribution and modus operandi of suspicious activities on theInternet. The “InnoVisions Journal” is distributed by means of a web magazine.

• Date: May, 2013


• Level: National




Online article at “InnoVisions”. The article “Ins Auge gefasst: Visual Analytics machtBotnetze offensichtlich” (“Eye Catching: Visual Analytics makes Bot Nets palpable”)[10],written by Andreas Kunkel, was published at the “InnoVisions Journal” on October2013. This paper exploits the human perceptual ability by means of visual analytics in-terfaces, so as to and identify criminal activities in the general data flow of the Internet.The “InnoVisions Journal” is distributed by means of a web magazine.

• Date: October, 2013


• Level: National


3.2.5 Participation in Security Events

Participation in the “Effectsplus Open Communications Event”. The VIS-SENSEwork has been presented in the “Effectsplus Open Communications” event, organizedby “The Effectsplus Consortium”. The main theme of the event was IT security for e-commerce. EU research project representatives attend this event in order to: 1) provideinformation on the trust and security project clustering activities, 2) provide the op-portunity to link with newly funded trust and security research projects and form newcollaborations, and 3) provide active projects with a valuable opportunity to providefeedback on previous clustering activities and voice their opinion on future potentialtopical workshops of interest.

• Location: Brussels, Belgium

• Date: February 2, 2013


• Level: European


Participation in the “InnoVisions Days IT-Security Tag ”. The VIS-SENSE workhas been presented in the “InnoVisions Days IT-Security Tag ” event, which has asits main topic “IT security for e-commerce”. This event is organized by the German“E-Commerce and Distance Selling Trade Association (bvh)”, and “Fraunhofer IuK”.



The involved parters showed the applicability of VIS-SENSE results to e-commerce ap-plications.

• Location: Nuremburg, Germany

• Date: October 8, 2013


• Level: National


Participation in the “RIPE 67 event”. The VIS-SENSE work has been presented toan audience of premium interest, in a an event organized in Greece “RIPE 67 ”. TheRIPE event os a five-day event where where Internet Service Providers (ISPs), networkoperators and other interested parties gather to discuss issues of interest to the Internetcommunity. This event had more than 450 participants in 2013.

• Location: Athens, Greece

• Date: October 14-18, 2013




3.2.6 Guest Presentations

Presentation of VIS-SENSE methodologies to the “Head of Unit Future Networks”The VIS-SENSE work have been presented to the “Head of Unit Future Networks”, Mr.Luis Rodriguez-Rosello, at Fraunhofer IGD, so as to investigate the potential for transferof the technology to other domains.

• Location: Darmstadt, Germany

• Date: April, 4, 2013


• Audience: Industry, Authorities



Presentation of VIS-SENSE methodologies to representatives from “Singapore NanyangTechnological University” The VIS-SENSE work have been presented to representa-tives from “Singapore Nanyang Technological University” at Fraunhofer IGD. The aca-demic value of the results was discussed, as well as possible open challenges / possibilitiesfor cooperation.

• Location: Darmstadt, Germany

• Date: September, 23, 2013


• Audience: Researchers, Academia

3.2.7 Educational activities

Bachelor’s Thesis. Philipp Roskosch has acquired a Bachelor’s Degree in the researcharea of “Dynamic Sampling Using Degree of Interest for the Exploration of Very LargeMatrices”. The work of Philipp Roskosch has been utilized in VIS-SENSE to provideinteractive visual exploration of dense matrices. More particularly, a technique for thevisual exploration of large, dense similarity matrices is presented in this bachelor thesis.It enables the comparison of several dimensions of a multivariate dataset. Data arereduced using sampling methods for the purposes of visualization. Access times increasedramatically as matrix sizes increase, which is problematic for interaction. Thus, anumber of database management systems are considered and access times are comparedfor different sizes of matrix.

• Date: February, 2013


• Level: National


Bachelor’s Thesis. Maximilian Pohst has acquired a Bachelor’s Degree in the researcharea of “Definition of an Evaluation Process for Domain-Specific Visual Analytics So-lutions”. The work of Philipp Roskosch focused on the evaluation of complex softwaresystems. Traditional approaches in information visualization are generally focused onlaboratory environments in which very specific aspects of a system are rigorously eval-uated. This is problematic for visual analytics, since the goal here is to combine many



techniques for the solution of problems. The evaluation of the systems as a whole isnecessary. Furthermore, visual analytics solutions are often aimed at very specific, smallgroups of domain experts. These experts do not have time for long, arduous experi-ments. In this thesis current methods are explored with these constraints in mind. Aproposal is then formulated for the evaluation and validation of visual analytics solutionsthroughout the implementation process.

• Date: November, 2013


• Level: National




Activity Type / Event Place Date PartnerInvolved

Participation in the VisWeek 2012 exhibition Seattle, WA, USA October,16-18, 2012

IGD

Participation in the “Effectsplus OpenCommunications Event”

Brussels, Belgium February 2,2013

IGD

Bachelor’s Thesis February,2013

IGD

Participation in the CeBIT exhibition Hannover,Germany

March, 5-9,2013

IGD

Online article on “InnoVisions” March, 2013 IGD

Guest presentation at the “Head of UnitFuture Networks”

Darmstadt,Germany

April, 4, 2013 IGD

Online article on “InnoVisions” May, 2013 IGD

Guest presentation at the “SingaporeNanyang Technological University”

Darmstadt,Germany

September,23, 2013

IGD

Participation in the “InnoVisions DaysIT-Security Tag”

Nuremburg,Germany

October 8,2013

IGD

Participation in the Vis 2013 exhibition Atlanta, GA, USA October,15-17, 2013

IGD

Online article on “InnoVisions” October,2013

IGD

Participation in the ICT 2013 exhibition Vilnius, Lithuania November,6-8, 2013

IGD,Symantec,UKON

Bachelor’s Thesis November,2013

IGD

Paper presentation at the “InternationalSymposium on Computer and InformationSciences”

Paris, France October, 3-4,2012

CERTH/ITI

Paper presentation at the “Symposium onVisualization for Cyber Security (VizSec)”

Seattle, WA, USA October, 15,2012

CERTH/ITI,Symantec

Paper presentation at the “InternationalConference on Cryptology and NetworkSecurity”

Darmstadt,Germany,

December12-14, 2012

CERTH/ITI

Table 3.1: Dissemination activities accomplished in the third year of VIS-SENSE



Activity Type / Event Place Date PartnerInvolved

Paper presentation at the “10th InternationalConference on Digital Signal Processing”

Santorini, Greece July 1-3,2013

CERTH/ITI

Paper presentation at the “18th Symposiumon Visualization for Cyber Security (VizSec)”

Atlanta, GA, USA October 14,2013

CERTH/ITI

Paper presentation at the “IEEE Symposiumon Visual Analytics Science and Technology(VAST)”


UKON

Paper presentation at the “Symposium onVisualization for Cyber Security (VizSec)”


UKON,Symantec

Paper presentation at the “Conference onHuman Factors in Computing Systems”

Paris, France May 1-2,2013

UKON

Paper presentation at the “13th German ITSecurity Congress”

Bonn, Germany May 14-16,2013

UKON

Paper publication at the “InformationVisualization Journal”

June, 2013 UKON

Paper presentation at the “IEEE VIS 2013” Atlanta, GA, USA 13-18 Oct,2013

UKON

Paper presentation at the “InternationalConference on Mathematical Methods,Models, and Architectures for ComputerNetwork Security”

St. Petersburg,Russia

October,17-20, 2012

IT

Paper presentation at the “Annual ComputerSecurity Applications Conference”

Orlando, FL, USA October,December,3-7, 2012

IT

Paper publication at the “Security andCommunication Networks Journal”

October,2012

Symantec

Paper presentation at the “IEEEInternational Traffic Monitoring andAnalysis Work-shop (TMA)”

Turin, Italy April 14-19,2013

Symantec

Participation in the “RIPE 67 event” Athens, Greece October14-18, 2013

Symantec

Paper publication at the “IEEE NetworkMagazine”

November /December,2012

EURECOM,UKON,Symantec,CERTH

Paper publication at the “ComputerCommunication Review Journal”

April, 2013 EURECOM

Table 3.2: Dissemination activities accomplished in the third year of VIS-SENSE


4 Conclusions

This deliverable provides an exhaustive analysis of the dissemination roadmap, followedby the VIS-SENSE consortium during the third year of the project. The exact ele-ments that are utilized in order to disseminate the VIS-SENSE activities, and transferknowledge and experience to all interested parties, are discussed in detail in this report.

Specifically, this deliverable provides a consolidated list of the identified target groupsand the deployed communication channels that have been utilized during the third yearof the project. In addition, the whole set of the dissemination activities that have beenrealized during the third year of the VIS-SENSE are described in full detail, with respectto the utilized communication channels, as well as the target groups.

As far as the VIS-SENSE dissemination material is concerned, the deliverable providesa detailed description of relevant dissemination artefacts. In particular, the revisedflyer, a banner and the modifications to the website were presented. These changes arefocussed not only on dissemination within the final year of the project, but also on thedissemination activities which will continue after the conclusion of the projects. Thepartners are well equipped to begin there post-project dissemination and exploitationactivities.

40

Bibliography

[1] E. Biersack, Q. Jacquemart, F. Fischer, J. Fuchs, O. Thonnard, G. Theodoridis,D. Tzovaras, and P.-A. Vervier. Visual analytics for bgp monitoring and prefixhijacking identification. IEEE Network Magazine - Special Issue on Computer Net-work Visualization, 26(6):33–39, 2012.

[2] F. Fischer, J. Fuchs, F. Mansmann, and D. A. Keim. Banksafe: A visual situationalawareness tool for large-scale computer networks. In Proceedings of the IEEE Sym-posium on Visual Analytics Science and Technology 2012 (VAST Challenge 2012),October 2012.

[3] F. Fischer, J. Fuchs, F. Mansmann, and D. A. Keim. Banksafe: Visual analyticsfor big data in large-scale computer networks. Information Visualization Journal,June 2013.

[4] F. Fischer, J. Fuchs, F. Mansmann, and D. A. Keim. Visual analytics zur firewall-konfiguration und analyse von netzwerkverkehr. In Proceedings of the 13th GermanIT Security Congress, May 2013.

[5] F. Fischer, J. Fuchs, P.-A. Vervier, F. Mansmann, and O. Thonnard. Vistracer: Avisual analytics tool to investigate routing anomalies in traceroutes. In Proceedingsof the 9th Symposium Visualization for Cyber Security (VizSec 2012), October 2012.

[6] F. Fischer and D. A. Keim. Vacs: Visual analytics suite for cyber security - visualexploration of cyber security datasets. In Proceedings of the IEEE VIS 2013, Oct2013.

[7] J. Fuchs, F. Fischer, F. Mansmann, E. Bertini, and P. Isenberg. Evaluation of alter-native glyph designs for time series data in a small multiple setting. In Proceedingsof the Conference on Human Factors in Computing Systems (CHI 2013), May 2013.

[8] O. T. G. Theodoridis and D. Tzovaras. A novel unsupervised method for securingbgp against routing hijacks. In Proceedings of the 27th International Symposium onComputer and In- formation Sciences (ISCIS 2012), October 2012.

41

Bibliography

[9] J. Isacenkova, O. Thonnard, A. Costin, D. Balzarotti, and A. Francillon. Insidethe scam jungle: A closer look at 419 scam email operations. In Proceedings of theInternational Workshop on Cyber Crime (IWCC 2013), May 2013.

[10] A. Kunkel. Ins auge gefasst: Visual analytics macht botnetze offensichtlich. Inno-Visions Journal, Oct 2013.

[11] O. Levillain, A. Ebalard, B. Morin, and H. Debar. One year of ssl internet mea-surement. In Proceedings of the 2012 Annual Computer Security Applications Con-ference (ACSAC 2012), December 2012.

[12] Y. B. Mustapha, H. Debar, and G. Jacob. Limitation of honeypot/honeynetdatabases to enhance alert correlation. In Proceedings of the 6th International Con-ference on Mathematical Methods, Models, and Architectures for Computer NetworkSecurity (MMM-ACNS 2012), October 2012.

[13] S. Papadopoulos, K. Moustakas, and D. Tzovaras. Bgpviewer: Using graph repre-sentations to explore bgp routing changes. In Proceedings of the 10th InternationalConference on Digital Signal Processing (DSP 2013), July 2013.

[14] D. T. S. Papadopoulos, G. Theodoridis. Bgpfuse: Using visual feature fusion for thedetection and attribution of bgp anomalies. In Proceedings of the 10th Workshopon Visualization for Cyber Security, ACM, Oct 2013.

[15] J. Schlamp, G. Carle, and E. Biersack. A forensic case study on as hijacking:the attacker’s perspective. ACM SIGCOMM Computer Communication ReviewJournal, 43, April 2013.

[16] O. Thonnard, P.-A. Vervier, and M. Dacier. Spammers operations: A multifacetedstrategic analysis. Security and Communication Networks, 2012.

[17] O. Tsigkas, O. Thonnard, and D. Tzovaras. Visual spam campaigns analysis usingabstract graphs representation. In Proceedings of the 9th Symposium Visualizationfor Cyber Security (VizSec 2012), October 2012.

[18] O. Tsigkas and D. Tzovaras. Analysis of rogue antivirus campaigns using hiddenstructures in k-partite graphs. In Proceedings of the 11th International Conferenceon Cryptology and Net- work Security (CANS 2012), December 2012.

[19] P.-A. Vervier and O. Thonnard. Spamtracer: How stealthy are spammers? In Pro-ceedings of the 5th IEEE International Traffic Monitoring and Analysis Workshop,April 2013.


Bibliography

[20] S. Wengenroth. Besserer einblick ins webgeschehen: Visual analytics macht inter-netangriffe verstehbar. InnoVisions Journal, May 2013.

[21] S. Wengenroth. Brille fur grobe daten: Mit visual analytics sicherheitsfragen losen.InnoVisions Journal, March 2013.


d7.1.3 final dissemination report - cordis...tasks: t7.1: vis-sense knowledge dissemination (led by...

Documents