Post on 09-Jul-2020
transcript
SEVENTH FRAMEWORK PROGRAMMEArea ICT-2009.1.4 (Trustworthy ICT)
Visual Analytic Representation of Large Datasetsfor Enhancing Network Security
D7.1.3 Final dissemination report
Contract No. FP7-ICT-257495-VIS-SENSE
Workpackage WP7 – Dissemination / ExploitationAuthor CERTH/ITIVersion 1Date of delivery M38Actual Date of Delivery M38Dissemination level PublicResponsible CERTH/ITIData included from CERTH/ITI, UKON, IT, SYM, EUR, IGD
The research leading to these results has received funding from the European Community’sSeventh Framework Programme (FP7/2007-2013) under grant agreement n°257495.
SEVENTH FRAMEWORK PROGRAMMEArea ICT-2009.1.4 (Trustworthy ICT)
The VIS-SENSE Consortium consists of:
Fraunhofer IGD Project coordinator GermanyInstitut Eurecom FranceInstitut Telecom FranceCentre for Research and Technology Hellas GreeceSymantec Ltd. IrelandUniversitat Konstanz Germany
Contact information:Dr Jorn KohlhammerFraunhofer IGDFraunhoferstraße 564283 DarmstadtGermany
e-mail: joern.kohlhammer@igd.fraunhofer.dePhone: +49 6151 155 646
Contents
1 Introduction 61.1 Purpose of this Document . . . . . . . . . . . . . . . . . . . . . . . . . . . 61.2 Deliverable Structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
2 Dissemination Material 82.1 VIS-SENSE Leaflets and Banner . . . . . . . . . . . . . . . . . . . . . . . 82.2 Website . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
3 Accomplished Dissemination Activities 183.1 Dissemination channels and Target groups . . . . . . . . . . . . . . . . . . 183.2 List of Dissemination Activities . . . . . . . . . . . . . . . . . . . . . . . . 20
3.2.1 Participation in International Fairs/Exhibitions . . . . . . . . . . . 213.2.2 Paper Presentation in Conferences/Workshops/Symposia . . . . . 233.2.3 Paper Publications in Journals . . . . . . . . . . . . . . . . . . . . 313.2.4 Publication of non-scientific material . . . . . . . . . . . . . . . . . 333.2.5 Participation in Security Events . . . . . . . . . . . . . . . . . . . 343.2.6 Guest Presentations . . . . . . . . . . . . . . . . . . . . . . . . . . 353.2.7 Educational activities . . . . . . . . . . . . . . . . . . . . . . . . . 36
4 Conclusions 40
3
4
Abstract
This report provides a detailed analysis of all the heterogeneous dissemination activ-ities that have been realized by each VIS-SENSE partner separately or by the consor-tium as a whole, during the project’s third year, in reference to the pivotal dissemina-tion plan and strategy that was defined in the initial dissemination report (Deliverable7.1.1). Specifically, the activities are grouped with respect to the utilized communicationchancels, as well as the groups targeted by each channel. The utilized communicationchances include, but are not limited to: submissions of scientific papers in Conferences/-Workshops/Journals, participation in security events, participation in exhibitions, in-vited presentations, and educational activities.
The revised project flyer is described here, together with the banner developed for thepresentation of VIS-SENSE at exhibitions. This material will also be used for dissemi-nation purposes after the project is finished.
Furthermore, this deliverable also includes descriptions of the relevant updates to theproject website. These updates include a revised presentation of the project publications,a new section containing images, videos and interactive demos as well as the addition ofa significant number of project deliverables. The website has been enhanced to continuethe communication of the VIS-SENSE results to the general public after the conclusionof the project.
1 Introduction
1.1 Purpose of this Document
As it is outlined in the VIS-SENSE Description of Work (DoW), the aim of WP7 Dis-semination / Exploitation, is to identify and deploy the most efficient dissemination andexploitation activities, so as to achieve the following objectives:
1. To bring VIS-SENSE results closer to all interested parties from relevant scientificareas, business and market fields, social cultural and political/legalisation author-ities.
2. To monitor regulatory and standardization activities directly related to the re-search work, in order to assure the overall viability and coherence of the projectresults.
3. To effectively disseminate the outcomes of the research work and build an overallstrategy for the exploitation of results.
4. To ensure a world visibility of the project at a minimal cost
Towards the efficient accomplishments of these goals, the WP7 is divided into fourTasks: T7.1: VIS-SENSE knowledge dissemination (led by CERTH/ITI), T7.2: Dissem-ination material production (led by FhG/IGD), T7.3: Networking and standardization(led by FhG/IGD) and T7.4: Networking and standardization (led FhG/IGD). Specif-ically, this manuscript is part of T7.1, which has as a main purpose the define thepivotal dissemination strategy that will encompass the selection and implementation ofthe most appropriate dissemination activities throughout the project’s duration, so asto accommodate the WP7 objectives listed above. The dissemination strategies andactivities employed by the VIS-SENSE consortium for the total duration of the projectare documented into three deliverables: Deliverable 7.1.1 - Initial Dissemination Report(submitted in month 12), Deliverable 7.1.2 - Intermediate Dissemination Report (sub-mitted in month 24) and Deliverable 7.1.3 - Final Dissemination Report (submitted inmonth 38).
6
1.2 Deliverable Structure
Being more specific, Deliverable 7.1.1, described the exploitation plan, while Deliver-ables 7.1.2 and 7.1.3 presented its application in the second and third year respectively.Particularly, this manuscript includes all the dissemination activities that have been car-ried out during the third year of VIS-SENSE. It should be noted that the accomplisheddissemination activities target a large variety of groups, including scientific (researchers,academia) and business (end-users, industry) community, as well as to the respectivepolicy-makers. Furthermore, since VIS-SENSE combines two different technologicalfields, i.e. information visualization and network security, audience from both areasmust be attracted. Thus, the dissemination channels that the VIS-SENSE consortiumutilized, address both the information visualization and the Internet security sector, aswell as multi-disciplinary approaches.
1.2 Deliverable Structure
The deliverable is organized as follows.Chapter 1 introduces the deliverable, defines its scope and structure.Chapter 2 presents the VIS-SENSE dissemination material, focussing on the revised
VIS-SENSE flyer, the VIS-SENSE banner and the changes made to the website in thefinal project year.
Chapter 3 provides a detailed list of the communication channels, and target groups,that are involved in the dissemination activities accomplished during the third yearof the project. Furthermore, this section also includes a complete list of the exactdissemination activities accomplished in the third and final year, along with additionalinformation regarding the utilized communication channels and target groups for eachactivity.
Finally, in Chapter 4 concludes this deliverable.
FP7-ICT-257495-VIS-SENSE 7
2 Dissemination Material
In this chapter, the work on dissemination material (leaflets and banner) produced forexhibitions, workshops and conferences will be briefly described. In addition, the mod-ifications to the website for the optimal outward representation of VIS-SENSE results.The banner, the leaflets and the website all make use of a similar style, colour and imagesin order to establish and maintain a visual identity for the project.
2.1 VIS-SENSE Leaflets and Banner
As reported in deliverable D7.1.2 Intermediate Dissemination Report, the first VIS-SENSE leaflets were designed by the Fraunhofer IGD PR department. These weredelivered in time for the CeBIT trade fair in Germany (March 2012). They were alsodistributed at numerous subsequent events, including the FIA conference in Aalborg(May 2012), the VisWeek conference in Atlanta (October 2012), and the 2013 CeBITtrade fair in Germany (March 2013).
For the final dissemination activities of the project an update of the leaflets was carriedout. The Fraunhofer IGD PR department modified the contents of the original leafletsto reflect the state of the project. In particular, the focus was laid on describing theexploitable results of the project and how they could benefit their target groups. It alsoincluded commentary on the success stories of the project. The layout of the leaflets wasvery similar to the first design.
The revised VIS-SENSE leaflets were printed in A4 format with typical folds for leafletsof this nature. The front and back views of the leaflets are shown in Figures 2.1 and 2.2.The leaflets were distributed at the Vis 2013 exhibition in Atlanta, Georgia (October2013) and at the ICT 2013 exhibition in Vilnius (November). In addition, the remainingleaflets were distributed to the partners for continuing dissemination activities after theend of the project.
Together with the VIS-SENSE leaflets, a VIS-SENSE banner was also designed bythe Fraunhofer IGD PR department. The banner contained a number of keywords toattract attention to the project’s exhibition stands at Vis 2013 and ICT 2013. It willbe retained by Fraunhofer IGD after the project and shown at appropriate internaland external events in order to increase awareness and visibility of the project after its
8
2.1 VIS-SENSE Leaflets and Banner
VIS
UA
L A
NA
LYTI
CS
FOR
EN
HA
NC
ED N
ETW
OR
K S
ECU
RIT
Y
DE
TE
CT
ION
OF
AB
NO
RM
AL
NE
TW
OR
K B
EH
AV
IOU
R,
AT
TAC
K A
TT
RIB
UT
ION
A
ND
BO
RD
ER
GA
TE
WA
Y P
RO
TO
CO
L A
NA
LYS
IS
CO
OR
DIN
ATO
R:
Dr.
Jö
rn K
oh
lham
mer
Frau
nhof
er IG
D
Frau
nhof
erst
rass
e 5
6428
3 D
arm
stad
t
Ger
man
y
E-m
ail:
joer
n.ko
hlha
mm
er@
igd.
frau
nhof
er.d
e
Phon
e: +
49 6
151
155-
646
Fax:
+49
615
1 15
5-13
9
Web
site
: ww
w.v
is-s
ense
.eu
PAR
TNER
S:
CO
NTA
CT
Inte
rnet
Th
reat
Lan
dsc
ape:
A v
arie
ty o
f da
ta s
ets
have
been
col
lect
ed a
nd a
naly
sed
to e
xplo
re t
he d
istr
ibut
ion
of
mal
war
e, t
he g
row
th o
f bo
tnet
s an
d th
e ev
olut
ion
of s
pam
cam
paig
ns. T
he V
IS-S
ENSE
fra
mew
ork
com
bine
s ad
vanc
ed
data
min
ing
tech
niqu
es w
ith in
nova
tive
visu
aliz
atio
ns t
o pr
o-
vide
ana
lyst
s w
ith in
sigh
ts in
to t
he w
hole
“Sp
am L
ifecy
cle”
.
New
str
ateg
ies
for
mal
war
e pr
opag
atio
n co
uld
be id
entifi
ed
alon
g w
ith in
stan
ces
of b
otne
t co
oper
atio
n in
the
for
m o
f
“out
sour
cing
”.
Oth
er C
ase
Stu
die
s: T
he f
ollo
win
g le
ss in
clus
ive
case
stu
-
dies
hav
e be
en c
ondu
cted
usi
ng t
he V
IS-S
ENSE
fra
mew
ork:
•
Ana
lysi
s of
dat
a co
llect
ed b
y in
trus
ion
dete
ctio
n sy
stem
s
to
aut
omat
ical
ly fi
nd a
nd c
hara
cter
ise
com
mon
intr
usio
n
pa
tter
ns a
nd u
se t
hese
to
prov
ide
situ
atio
n aw
aren
ess.
•
Ana
lysi
s of
logi
n pr
oced
ures
to
char
acte
rise
susp
icio
us o
r
un
auth
oris
ed a
cces
s to
use
r ac
coun
ts.
•
Ana
lysi
s of
SSL
cer
tifi c
ate
hier
arch
ies
deriv
ed f
rom
a s
can
of
the
Inte
rnet
for
the
det
ectio
n of
ano
mal
ies.
Figure 2.1: The front view of the revised VIS-SENSE leaflet
FP7-ICT-257495-VIS-SENSE 9
2 Dissemination Material
The
VIS
-SEN
SE f
ram
ewor
k is
a s
uite
of
visu
aliz
atio
n an
d da
ta-
min
ing
tech
nolo
gies
whi
ch a
ims
to p
rovi
de v
isua
l ana
lytic
s
for
enha
nced
cyb
er s
ecur
ity. B
y co
mbi
ning
the
str
engt
hs o
f
peop
le a
nd c
ompu
ters
the
iden
tifi c
atio
n of
sus
pici
ous
actio
ns
in la
rge
netw
orks
can
be
impr
oved
.
The
VIS
-SEN
SE f
ram
ewor
k ha
s be
en a
pplie
d to
app
licat
ion
area
s ra
ngin
g fr
om n
etw
ork
info
rmat
ion
secu
rity
and
atta
ck
attr
ibut
ion
to a
ttac
k pr
edic
tion
and
the
dete
ctio
n of
BG
P hi
-
jack
ing.
It a
ddre
sses
bot
h th
e ta
ctic
al (m
onito
ring
in r
eal t
ime)
and
stra
tegi
c (lo
ng t
erm
) asp
ects
of
secu
rity.
The
VIS
-SEN
SE f
ram
ewor
k is
the
res
ult
of a
n EU
-fun
ded,
fo-
cuse
d re
sear
ch p
roje
ct in
volv
ing
six
expe
rienc
ed p
artn
ers
from
rese
arch
and
indu
stry
. The
fra
mew
ork
was
con
ceiv
ed a
nd b
uilt
by s
ome
of t
he le
adin
g re
sear
cher
s in
the
fi el
ds o
f vi
sual
ana
-
lytic
s an
d ne
twor
k se
curit
y. It
inco
rpor
ates
the
nex
t ge
nera
ti-
on o
f to
ols
to e
nabl
e th
e in
tera
ctiv
e m
inin
g an
d vi
sual
izat
ion
of la
rge
secu
rity-
rele
vant
dat
a se
ts.
TAR
GET
GR
OU
PS
Tele
com
mu
nic
atio
ns
op
erat
ors
an
d IS
Ps:
The
VIS
-SEN
SE
fram
ewor
k ad
dres
ses
BGP
hija
ckin
g an
d at
tack
att
ribut
ion.
The
rapi
d id
entifi
cat
ion
of m
alic
ious
tra
ffi c
is im
port
ant
for
the
prot
ectio
n of
cus
tom
er n
etw
orks
. The
abi
lity
to w
arn
cust
omer
s ab
out
poss
ible
BG
P hi
jack
ings
wou
ld e
nabl
e
them
to
reac
t qu
ickl
y.
Secu
rity
so
ftw
are
com
pan
ies:
The
VIS
-SEN
SE f
ram
ewor
k
enab
les
thre
at a
nd m
alw
are
anal
ysts
to
iden
tify
crim
inal
cam
paig
ns in
mas
sive
am
ount
s al
erts
. The
str
ateg
ic a
naly
sis
of t
he t
hrea
t la
ndsc
ape
impr
oves
the
ir un
ders
tand
ing
of t
he
mod
us o
pera
ndi o
f at
tack
ers
and
its e
volu
tion
over
tim
e.
Co
mp
ute
r Em
erg
ency
Res
po
nse
Tea
ms
(CER
Ts):
Both
the
tac
tical
and
str
ateg
ic a
naly
sis
of s
ecur
ity d
ata
sets
play
a r
ole
in C
ERT
wor
k. T
he V
IS-S
ENSE
fra
mew
ork
help
s
them
to
resp
ond
mor
e ef
fect
ivel
y to
sec
urity
inci
dent
s bu
t
also
to
rem
ain
info
rmed
of
chan
ges
in t
he a
ttac
k ph
enom
e-
na t
hey
are
mon
itorin
g.
Secu
rity
res
earc
her
s:
Besi
des
usin
g an
d te
stin
g th
e V
IS-S
ENSE
fra
mew
ork
with
thei
r ow
n da
ta s
ets,
res
earc
hers
will
be
inte
rest
ed in
impr
o-
DE
TE
CT
ION
OF
AB
NO
RM
AL
NE
TW
OR
K B
EH
AV
IOU
R,
AT
TAC
K A
TT
RIB
UT
ION
A
ND
BO
RD
ER
GA
TE
WA
Y P
RO
TO
CO
L A
NA
LYS
IS
EXTE
NSI
BLE
, SC
ALA
BLE
V
ISU
AL
AN
ALY
TIC
S
ving
and
ext
endi
ng t
he f
ram
ewor
k w
ith n
ew v
isua
lizat
ions
and
data
-min
ing
mod
ules
.
CA
SE S
TUD
IES
BG
P: R
aw ro
utin
g in
form
atio
n ha
s be
en c
olle
cted
fro
m a
serie
s of
BG
P va
ntag
e po
ints
and
ana
lyse
d. T
he V
IS-S
ENSE
fram
ewor
k en
able
s th
e de
tect
ion
and
inve
stig
atio
n of
rout
ing
anom
alie
s an
d of
pos
sibl
e BG
P hi
jack
s. A
var
iety
of
mea
sure
s ar
e co
rrel
ated
to
redu
ce t
he n
umbe
r of
fal
se p
osi-
tives
. The
for
war
ding
pat
hs a
t th
e IP
and
AS
leve
ls t
owar
ds
spec
ifi c
susp
icio
us IP
add
ress
es o
r ne
twor
ks h
ave
been
mon
i-
tore
d. W
hen
enric
hed
with
BG
P ro
utin
g in
form
atio
n, ro
utin
g
anom
alie
s an
d po
ssib
le B
GP
hija
cks
coul
d be
mon
itore
d in
both
the
dat
a pl
ane
(IP) a
nd t
he c
ontr
ol p
lane
(BG
P).
Figure 2.2: The back view of the revised VIS-SENSE leaflet
10 SEVENTH FRAMEWORK PROGRAMME
2.2 Website
conclusion.
The banner has a format of 85cm x 200cm, is self-supporting and rolls up into aneasily transportable box, which also serves as its base. In image of the banner at theVis 2013 exhibition is shown in Figure 2.3
2.2 Website
The public section of the VIS-SENSE website was relaunched, also based on a design bythe Fraunhofer IGD PR department, in the second year of the project. The new designmore accurately reflected the goals and outcomes of the project and represented a highquality dissemination channel. The VIS-SENSE website was initially described in D7.2- VIS-SENSE Public and Private Website and VIS-SENSE Logo and in D8.1 - ProjectReference Manual and Quality Plan. The first version of the website was covered ingreat detail in D7.1.1 - Initial Dissemination Report. The second version of the websitewas described in D7.1.2 - Intermediate Dissemination Report
The updates made to the website in the third year are described in this section. Thefollowing domain names were registered for the VIS-SENSE project:
www.vis-sense.eu and www.vissense.eu
The VIS-SENSE website is reachable via both of these URLs. However, the primaryURL selected for the project website is http://www.vis-sense.eu/. The VIS-SENSEwebsite is hosted by Fraunhofer IGD.
The public section of the VIS-SENSE website has been created to showcase the projectresults and make activities related to the project publicly available. The structure of thewebsite aims to provide easily accessible information without hiding important detailsfrom the visitors. The home page contains a simple representation of the project and itsgoals. Eye-catching screen shots of VIS-SENSE modules are placed on the home page asthey become available during the course of the project. A Link to an interactive onlinedemo is also featured on the home page. Figure 2.4 shows the current homepage of theVIS-SENSE website.
One major changes was made to the website in the third year of the project. Thepresentation of the VIS-SENSE publications was made more usable and navigable. Thepublications are shown in an interactively sortable and searchable table. For visitorsinterested in the details of a publication, the abstract can be shown on demand. Inaddition, every entry in the table also provides access to a DOI link to the publicationitself. The new publications section of the VIS-SENSE website is shown in Figure 2.5.
FP7-ICT-257495-VIS-SENSE 11
2 Dissemination Material
Figure 2.3: The VIS-SENSE banner on display at the VIS 2013 exhibition in Atlanta,Georgia
12 SEVENTH FRAMEWORK PROGRAMME
2.2 Website
Figure 2.4: The current homepage of the VIS-SENSE website
FP7-ICT-257495-VIS-SENSE 13
2 Dissemination Material
Figure 2.5: The current publications page of the VIS-SENSE website
14 SEVENTH FRAMEWORK PROGRAMME
2.2 Website
A second major change will made to the website at the end of the project. Thiswill be the replacement of the News section by the Media section of the website (SeeFigure 2.4). The media section was deemed more important than the news section forthe dissemination goals of the project after its conclusion. In addition, a lot of videos,demos and screen shots were created for the exhibitions at the end of the project. Theconsortium felt that it would be a good idea to include this material on the projectwebsite. The new media section of the VIS-SENSE website is shown in Figure 2.6.
The media section will have the following subsections:
Images provides access to collections of screen shots for many of the visualization com-ponents created during the VIS-SENSE project. The collections of screen shotseach contain detailed descriptions of their contents to ensure that visitors canunderstand them.
Videos provides access to videos showing screen casts of visualization components. Thevideos were created for the exhibitions at Vis 2013 and ICT 2013. They containdetailed interaction sequences and speech bubbles explaining them.
Demos A small number of online demos were created during the course of the project.These will be made available or hosted via the project website. The existing TriageWeb Graphs demo will be expanded to include new examples.
The existing Visualization entries in the Results section of the website will be moved tothe new Demos section.
To increase the visibility of the project results, a number of restricted deliverables weremade public by the consortium. Many of the deliverable chapters contain subsequentlypublished material. Thus a small revision was made to some of these documents to ensurethat the papers and not the deliverables are cited when their content is referenced. Thefollowing previously restricted deliverables have been added to the project website:
• D3.1 Specifications of the Network Analytics Algorithms
• D3.2 Correlation Analysis and Abnormal Event Detection Module
• D3.3 Attack Attribution Module
• D4.1 Visual Network Analysis Module
• D4.2 Visual Correlation Analysis Module
• D4.3 Visual Analysis System for Interactive Scalable Analysis
FP7-ICT-257495-VIS-SENSE 15
2 Dissemination Material
Figure 2.6: The new media section of the VIS-SENSE website
16 SEVENTH FRAMEWORK PROGRAMME
2.2 Website
In addition, the remaining public deliverables have also been added to the website.These are as follows:
• D6.1 Threat Landscape Identification Scenario
• D6.2 BGP Analysis Scenario
• D6.3 VIS-SENSE Framework Evaluation
• D7.1.2 Intermediate Dissemination Report
• D7.1.3 Final Dissemination Report
• D7.4 Report on Standardisation Efforts
The total number of VIS-SENSE deliverables available online is now 18 out of a totalof 29 deliverables. The public summary of the project (the first chapter of D8.4 ProjectFinal Report) will also be added to the website once it has been completed.
FP7-ICT-257495-VIS-SENSE 17
3 Accomplished Dissemination Activities
3.1 Dissemination channels and Target groups
According to the VIS-SENSE dissemination strategy, which is described in full detailin Deliverable 7.1.1 - “Initial Dissemination Report”, a great variety of disseminationobjectives has been identified and targeted in the duration of the VIS-SENSE project.To begin with, one of the main objectives was to disseminate the project concept, visionand the novel methods that will be developed to the widest possible academic, indus-trial audience, as well as interested stakeholders. By doing so, the public awareness andacceptance of new and emerging techniques against cybercrime is raised, a fact whichenhances Internet security in the users’ working and home environment. In addition tothese objectives, an additional target was to acquire feedback from experts from all thescientific fields that are related to the VIS-SENSE work, i.e. Information Communica-tions Technology (ICT), Internet Security and Information Visualization. This inboundfeedback allows the VIS-SENSE consortium to take advantage of any fruitful commentsfor the refinement of the ongoing research and development activities as well as to ac-quire a reliable validation of the produced results and assess their acceptance by theacademic and industrial community.
Towards this end, a wide variety of bidirectional communication channels have beenutilized by the VIS-SENSE consortium during the third year of the project:
• Presentation of scientific papers in international, well-reputed confer-ences/workshops/symposia. The results of the proposed solutions, as well asthe technical details, are disseminated using this channel. The papers are after-wards publicly available through the conference proceedings, a fact which greatlyenhances the dissemination procedure. It must be noted that the papers’ accep-tance can be a straightforward indicator of unbiased evaluation of the VIS-SENSEaccomplishments in the corresponding technological fields.
• Publication of scientific papers in international journals. Paper publica-tions in journals provide a more extensive insight to the methodologies and tech-niques introduced in the context of VIS-SENSE. Again, as it was underlined inthe case of conference publications, the acceptance of papers in journals can be
18
3.1 Dissemination channels and Target groups
interpreted as a method of evaluation and assessment of the impact of VIS-SENSEto the network security domain.
• Publication of non-scientific material. The consortium has also achieved anumber of non-scientific publications in online and print media. These publicationswere written by professional journalists on the basis of interviews with VIS-SENSEparticipants. They are aimed at the general public, but also at business peopleworking the the security domain.
• Guest Presentations. This communication channel involves the presentation ofVIS-SENSE goals and results to invited guests. It enables the consortium to raiseawareness about VIS-SENSE in a targeted fashion. Generally, the focus is on thebig picture, rather than on technical details.
• Participation in international fairs and exhibitions in the area of infor-mation technology. These events provide the opportunity to increase awarenessof VIS-SENSE not only in industry, but also among the general public.
• Participation in Security events. These events allow for the exchange of re-search ideas and knowledge between researchers and experts. They also provide adirect communication with the European policy makers.
• Bachelor/Master/PhD theses. The provision of bachelor/Master/PhD theseson the technological field of VIS-SENSE, allows for the dissemination of the projectapproaches to the respective academic institutions, utilizing the educational pro-cedures.
The aforementioned communication channels have been adequately chosen in order toaccommodate the exchange of knowledge with the main dissemination target groups:
• End users. This group refers to network security analysts engaged in the mon-itoring, detection and study of Internet threats from different positions, such as:i) Internet Service Providers (ISPs), ii) network administrators of large organiza-tions, iii) Internet security companies, iv) Internet administrative authorities, e.g.Internet Routing Registries (IRRs), v) Internet security researchers.
• Industry. This group refers to both producers and consumers of network securityproducts. The main goal is to promote and position the VIS-SENSE innovations,in terms of new techniques and approaches against cyber-attacks, and thus, lever-age the VIS-SENSE approaches to a successful commercial solution. Hence, the
FP7-ICT-257495-VIS-SENSE 19
3 Accomplished Dissemination Activities
establishment of connections with the Internet security industry as well as with thetelecommunication players, facilitates the impact of VIS-SENSE on the relevantbusiness and market areas.
• Researchers. This group refers to audience from both the visual analytics andnetwork security communities. These communities could utilize the VIS-SENSEplatform for the benefits of their studies on network security. Furthermore, theycould provide valuable feedback regarding the principles, quality and influence ofthe VIS-SENSE accomplishments.
• Legislative/Regulatory bodies. This group refers specifically to those involvedin network security policy generation and law enforcement. The main goal is toinform the public legislative authorities about the new security solutions employedby VIS-SENSE, and how these solutions could be used to improve the overallInternet security.
• Academia. The research and development results of the VIS-SENSE project canbe utilized by academic institutions for educational purposes, since they providesignificant contribution to cutting-edge technological issues of profound scientificinterest. Thus, the VIS-SENSE knowledge can be used by educational institutionsfor the purpose of enriching the material of the courses, or even create new, whileit can also form the basis of bachelor, master and PhD theses.
• Other European projects. The transfer of knowledge and experience withinthe whole set of the European projects in overlapping fields is a primary requisiteof the VIS-SENSE dissemination activities, so as to enhance the required unity ofthe European research taskforce and increase the scientific impact of VIS-SENSE.
• The interested public. Given the profound proliferation of Internet concerningall the aspects of everyday life, any issues and findings related to Internet securityraise the majority of the public interest, including individuals that are not directlyinvolved in the affected sectors.
3.2 List of Dissemination Activities
This section presents a detailed description of the exact dissemination activities that havebeen accomplished by VIS-SENSE partners, during the third year of the project. Thedescribed activities are categorized according to the utilized communication channels.Furthermore, information is provided with respect to the composition of the audience in
20 SEVENTH FRAMEWORK PROGRAMME
3.2 List of Dissemination Activities
each activity, in reference to the target groups that have been identified by VIS-SENSE.Moreover, for ease of reading, a list of the third year dissemination activities is providedin Tables 3.1 and 3.2, where the dissemination activities are grouped by partners’ nameand then sorted chronologically.
3.2.1 Participation in International Fairs/Exhibitions
Participation in the CeBIT exhibition. The VIS-SENSE research and developmentresults were presented during the exhibition “Centrum fur Beroautomation, Informa-tionstechnologie und Telekommunikation (CeBIT) 2013 ”, which was organized by theDeutsche Messe AG. The presentation of the VIS-SENSE project was realized throughthe IGD stand and it entailed the demonstration of software tools that have been devel-oped for the purposes of the VIS-SENSE project. It should be mentioned that CeBIT isconsidered as the world’s largest exhibition in the field of information technology, whileit is also considered as the exhibition with the most international attributes in this field,in terms of both the participating exhibitors and the visitors. It is indicatively notedthat the CeBIT 2013 exhibition entailed approximately 280.000 visitors.
• Location: Hannover, Germany
• Date: March, 5-9, 2013
• Partner Involved: IGD
• Level: International
• Audience: End-users, Industry, Researchers, Academia, Interested Public
Participation in the VisWeek 2012 exhibition. The VIS-SENSE research and devel-opment results were presented in the VisWeek 2012 exhibition, which is part of theVisWeek conference. This exhibition is organized by the “IEEE Computer Society Vi-sualization and Graphics Technical Committee”. The presentation of the VIS-SENSEproject was realized by means of videos and interactive demos, while project flyers werealso distributed. It should be noted that the VisWeek conference has more than 1000attendants.
• Location: Seattle, WA, USA
• Date: October, 16-18, 2012
• Partner Involved: IGD
FP7-ICT-257495-VIS-SENSE 21
3 Accomplished Dissemination Activities
• Level: International
• Audience: End-users, Industry, Researchers, Academia, Interested Public
Participation in the ICT 2013 exhibition. The VIS-SENSE research and developmentresults were successfully presented during the exhibition “Information CommunicationsTechnology (ICT) 2013 ”, which was organized by the European Commission. The pre-sentation of the VIS-SENSE project was realized through a VIS-SENSE stand and itentailed the demonstration of software tools that have been developed for the purposesof the VIS-SENSE project. It should be noted that the approximate number of visitorsfor this exhibition is around 4,500.
• Location: Vilnius, Lithuania
• Date: November, 6-8, 2013
• Partner Involved: IGD, Symantec, UKON
• Level: European
• Audience: End-users, Industry, Researchers, Academia, Interested Public
Participation in the Vis 2013 exhibition. The VIS-SENSE research and developmentresults were presented in the Vis 2013 exhibition, which is part of the Vis 2013 confer-ence (formerly known as VisWeek). This exhibition is organized by the “IEEE ComputerSociety Visualization and Graphics Technical Committee”. The presentation stand en-tailed videos and interactive demos, while project flyers were also distributed. It shouldbe noted that Vis 2013 had more than 900 participants.
• Location: Atlanta, GA, USA
• Date: October, 15-17, 2013
• Partner Involved: IGD
• Level: International
• Audience: End-users, Industry, Researchers, Academia, Interested Public
22 SEVENTH FRAMEWORK PROGRAMME
3.2 List of Dissemination Activities
3.2.2 Paper Presentation in Conferences/Workshops/Symposia
Paper presentation at the “International Symposium on Computer and InformationSciences”. The paper “A Novel Unsupervised Method for Securing BGP against Rout-ing Hijacks”, which is written by G. Theodoridis, O. Tsigkas and D. Tzovaras, waspresented at the “27th International Symposium on Computer and Information Sciences(ISCIS 2012)” [8]. In this paper, a BGP hijack detection mechanism is introduced thatis developed upon the extraction of two novel features related to the frequency of appear-ance and the geographic deviation of each intermediate AS towards a given destinationcountry. Moreover, the technique is tested under a real-world case of BGP hijack andthe efficiency of the features and the corresponding proximity measures is assessed. Itis proven that the proposed approach is capable of decisively capturing such events ofmalicious routing path anomalies. It is worth noting that the work included in thispaper has been carried out completely within the VIS-SENSE framework and it hasbeen documented in the corresponding deliverables. ISCIS 2012 is a refereed conferenceand its proceedings are published by Springer in a special issue of the Lecture Notes inElectrical Engineering (LNEE) series.
• Location: Paris, France
• Date: October, 3-4, 2012
• Partner Involved: CERTH/ITI
• Level: International
• Audience: End-users, Industry, Researchers, Academia
Paper presentation at the “IEEE Symposium on Visual Analytics Science and Tech-nology”. The paper “BANKSAFE: A Visual Situational Awareness Tool for Large-Scale Computer Networks”, written by F. Fischer, J. Fuchs, F. Mansmann and D. A.Keim, was presented at the “IEEE Symposium on Visual Analytics Science and Technol-ogy 2012 (VAST Challenge 2012)”, which is organized within the framework of VisWeek2012 [2]. According to this paper, given the reliance of businesses, public institutionsand individuals on large computer networks, maintaining their security becomes essentialto ensure integrity. Thus, in order to achieve situational awareness, the BANKSAFEframework is developed, which is a scalable, distributed and web-based visualizationsystem to analyze health monitoring data and security datasets. It must be underlinedthat the aforementioned study, which entails research and development work carried out
FP7-ICT-257495-VIS-SENSE 23
3 Accomplished Dissemination Activities
within the VIS-SENSE project, won the “VAST 2012 Challenge Award: Outstandingcomprehensive submission, including multiple vizes”.
• Location: Seattle, WA, USA
• Date: October, 15, 2012
• Partner Involved: UKON
• Level: International
• Audience: End-users, Industry, Researchers, Academia
Paper presentation at the “Symposium on Visualization for Cyber Security”. Thepaper “VisTracer: A Visual Analytics Tool to Investigate Routing Anomalies in Tracer-outes”, which is written by F. Fischer, J. Fuchs, P.-A. Vervier, F. Mansmann and O.Thonnard, was presented at the “9th Symposium on Visualization for Cyber Security(VizSec 2012)” [5]. The VisTracer is a visual analytics tool, which represents analysisresults that are acquired through the implementation of anomaly detection algorithmson large traceroute data sets. To this end, several scalable representations are introducedin order to support the analyst to explore, identify and analyze suspicious events andtheir relations to malicious activities. It must be underlined that VisTracer has evolvedfrom the efficient integration of the network analytics methodologies that have been de-veloped by SYM with the visualization approaches proposed by UKON for the particularpurposes of BGP anomaly detection, as pursued within the VIS-SENSE framework. Asfar as VizSec 2012 is concerned, it must be unerlined that it is an refereed conferencethat raises international scientific interest and taskforce in the specific area of security-related visualizations. Hence, it is an excellent, if not unique, opportunity to addressthe VIS-SENSE concept and innovations to experts of this multi-disciplinary domain.Moreover, it worth noting that VizSec will be held in conjunction with VisWeek 2012,which is considered as one of the most prestigious events in the field of visualizationtechnologies, allowing the VIS-SENSE project to be communicated to stakeholders fromthe whole range of the visualization domain to exchange their experience and knowledge.
• Location: Seattle, WA, USA
• Date: October, 15, 2012
• Partner Involved: UKON, SYM
• Level: International
• Audience: End-users, Industry, Researchers, Academia
24 SEVENTH FRAMEWORK PROGRAMME
3.2 List of Dissemination Activities
Paper presentation at the “Symposium on Visualization for Cyber Security”. Thepaper “Visual Spam Campaigns Analysis Using Abstract Graphs Representation”, whichis written by O. Tsigkas, O. Thonnard and D. Tzovaras, was presented at the “9th
Symposium on Visualization for Cyber Security (VizSec 2012)” [17]. This work presentsa visual analytics tool introducing a new kind of graph visualization that exploits thenodes’ degree to provide a simplified and more abstract, yet accurate, representation ofthe most important elements of a security data set and their inter-relationships. Theproposed visualization technique is designed to address two primary shortcomings ofexisting graph visualization techniques: scalability of visualization and comprehensibilityof results. In this respect, the main goal of the presented visual analytics tool is toprovide security analysts with an effective way to reason interactively about variousattack phenomena orchestrated by cyber criminals. The use of the tool is demonstratedon a large corpus of spam emails, by visualizing spam campaigns performed by spambotnets. In particular, the analysis is focused on spam sent in March 2011 to understandthe impact of the Rustock takedown on the botnet ecosystem. This paper, which presentsresearch and development work that has been included in the VIS-SENSE deliverables,combines both network analytics and visualization analysis into an efficient integratedvisual analytics approach.
• Location: Seattle, WA, USA
• Date: October, 15, 2012
• Partner Involved: CERTH/ITI, SYM
• Level: International
• Audience: End-users, Industry, Researchers, Academia
Paper presentation at the “International Conference on Mathematical Methods,Models, and Architectures for Computer Network Security”. The paper “Limita-tion of Honeypot/Honeynet Databases to Enhance Alert Correlation”, which is writtenby Y. B. Mustapha, H. Debar and G. Jacob, was presented at the “6th InternationalConference on Mathematical Methods, Models, and Architectures for Computer NetworkSecurity (MMM-ACNS 2012)” [12]. This paper explores four honeypot databases thatcollect information about malware propagation and security information about web-based server role, including also the data gathered through the VIS-SENSE honeynetinfrastructure. Based on this information an evaluation of the exploitation of thesedatabases is performed regarding the correlation of local alerts with global knowledge,
FP7-ICT-257495-VIS-SENSE 25
3 Accomplished Dissemination Activities
which also refers to the correlation analysis of network threats that is performed withinthe VIS-SENSE framework. MMM-ACNS 2012 is a refereed conference and its pro-ceedings are published by Springer in a special issue of the Computer CommunicationNetworks and Telecommunications subseries of the Lecture Notes in Computer Science(LNCS).
• Location: St. Petersburg, Russia
• Date: October, 17-20, 2012
• Partner Involved: IT
• Level: International
• Audience: End-users, Industry, Researchers, Academia
Paper presentation at the “Annual Computer Security Applications Conference”.The paper “One Year of SSL Internet Measurement”, which is written by O. Levillain,A. Ebalard, B. Morin and H. Debar, was presented at the “2012 Annual Computer Se-curity Applications Conference (ACSAC 2012)” [11]. This research activity is directlyconnected to the VIS-SENSE use case “visualization of the Internet threat landscape”.The impact of bad certificates on web threats has risen since the beginning of VIS-SENSE, with a set of security incidents and cryptography-related issues (e.g. the breakof the Microsoft authentication code mechanism by the FLAME malware). The possibledeployment of bad certificate to lure users, and the systematic analysis of this informa-tion, provides useful data to complement HARMUR. ACSAC 2012 is an internationalrefereed conference.
• Location: Orlando, FL, USA
• Date: December, 3-7, 2012
• Partner Involved: IT
• Level: International
• Audience: End-users, Industry, Researchers, Academia
26 SEVENTH FRAMEWORK PROGRAMME
3.2 List of Dissemination Activities
Paper presentation at the “International Conference on Cryptology and Network Se-curity”. The paper “Analysis of Rogue Antivirus Campaigns Using Hidden Structuresin k-partite Graphs”, which is written by O. Tsigkas and D. Tzovaras, was presented atthe “11th International Conference on Cryptology and Network Security (CANS 2012)”[18]. Among the various malicious activities of cyber-criminals, rogue security softwarecampaigns have evolved into one of the most lucrative criminal operations on the In-ternet. In this paper, a novel method is presented to analyze rogue security softwarecampaigns, by studying a number of different features that are related to their oper-ation. Contrary to existing data mining techniques for multivariate data, which aremostly based on the definition of appropriate proximity measures on a per-feature basisand data fusion techniques to combine per-feature mining results, the proposed techniquetakes advantage of the structural properties of the k-partite graph formed by consider-ing the natural interconnections between objects of different types. The results of theanalysis of rogue security software campaigns are further assessed by a visual analysistool and their accuracy is documented.
• Location: Darmstadt, Germany,
• Date: December 12-14, 2012
• Partner Involved: CERTH/ITI
• Level: International
• Audience: End-users, Industry, Researchers, Academia
Paper presentation at the “IEEE International Traffic Monitoring and Analysis Work-shop 2013 (TMA)”. The paper “SpamTracer: How Stealthy Are Spammers?”, whichis written by Pierre-Antoine Vervier and Olivier Thonnard, was presented at the “5thIEEE International Traffic Monitoring and Analysis Workshop” [19]. This paper ex-amines the relationship between BGP hijacking and spam activity in the internet. Theproceedings of the IEEE International Traffic Monitoring and Analysis Workshop 2013were published by IEEE conference proceedings.
• Location: Turin, Italy
• Date: April 14-19, 2013
• Partner Involved: Symantec
• Level: International
FP7-ICT-257495-VIS-SENSE 27
3 Accomplished Dissemination Activities
• Audience: End-users, Industry, Researchers, Academia
Paper presentation at the “Conference on Human Factors in Computing Systems”.The paper “Evaluation of Alternative Glyph Designs for Time Series Data in a SmallMultiple Setting”[7], which is written by J. Fuchs, F. Fischer, F. Mansmann, E. Bertiniand P. Isenberg., was presented at the “Conference on Human Factors in ComputingSystems 2013 (CHI 2013)”. This paper presents the results of a controlled experimentto investigate the performance of different temporal glyph designs in a small multiplesetting. The results showed that depending on tasks and data density, the chosen glyphsperformed differently. It should be noted that this paper received a Honorable MentionAward from the organizers of the conference. The proceedings of the CHI 2013 areavailable by the ACM digital library.
• Location: Paris, France
• Date: May 1-2, 2013
• Partner Involved: UKON
• Level: International
• Comments: Honorable Mention Award
• Audience: End-users, Industry, Researchers, Academia
Paper presentation at the “13th German IT Security Congress”. The article “Vi-sual Analytics zur Firewall-Konfiguration und Analyse von Netzwerkverkehr” [4], whichis written by F. Fischer, J. Fuchs, F. Mansmann and D. A. Keim, was presented atthe “13th German IT Security Congress”, which is organized by the Federal Office forInformation Security. This article introduces the visual analytics approach and showcasetwo successful applications with novel visualization techniques for firewall configurationand network traffic analysis.
• Location: Bonn, Germany
• Date: May 14-16, 2013
• Partner Involved: UKON
• Level: National
• Audience: End-users, Industry, Researchers, Academia
28 SEVENTH FRAMEWORK PROGRAMME
3.2 List of Dissemination Activities
Paper presentation at the “International Workshop on Cyber Crime (IWCC 2013)”.The paper “Inside the SCAM Jungle: A Closer Look at 419 Scam Email Operations”,which is written by Jelena Isacenkova, Olivier Thonnard, Andrei Costin, Davide Balzarotti,and Aurelien Francillon, was presented at the “International Workshop on Cyber Crime(IWCC 2013)”, which is co-located with the “34th IEEE Symposium on Security andPrivacy (IEEE S&P 2013)” [9]. This paper examines the Nigerian scam, which is a pop-ular form of fraud in which the fraudster tricks the victim into paying a certain amountof money under the promise of a future, larger payoff. The proceedings of the Inter-national Workshop on Cyber Crime (IWCC 2013) were published by IEEE conferenceproceedings.
• Location: San Francisco, CA, USA
• Date: May 24, 2013
• Partner Involved: Symantec
• Level: International
• Audience: End-users, Industry, Researchers, Academia
Paper presentation at the “International Conference on Digital Signal Processing(DSP)”. The paper entitled “BGPViewer: Using Graph representations to exploreBGP routing changes”, which is written by S. Papadopoulos, K. Moustakas, and D.Tzovaras, has been presented at the “10th International Conference on Digital SignalProcessing (DSP 2013)” [13]. This paper examines the use of graph representation of theBGP activity, so as to detect and attribute BGP anomalies. It provides two graph view,the AS (Autonomous System) level and the Country level. The analytical potential ofthe proposed approach is demonstrated by detecting previously known BGP anomalies.
• Location: Santorini, Greece
• Date: July 1-3, 2013
• Partner Involved: CERTH/ITI
• Level: International
• Audience: End-users, Industry, Researchers, Academia
FP7-ICT-257495-VIS-SENSE 29
3 Accomplished Dissemination Activities
Paper presentation at the “IEEE VIS 2013”. The paper “VACS: Visual AnalyticsSuite for Cyber Security - Visual Exploration of Cyber Security Datasets”, which iswritten by F. Fischer and D. A. Keim, was presented at the “VAST Challenge Work-shop at IEEE VIS 2013 ” [6]. The paper introduces a novel Visual Analytics Suite forCyber Security (VACS) to visually explore the given datasets using a combination ofdifferent visual representations. The main focus of the paper was to address the cybersecurity challenge of the VAST Challenge 2013. The proceedings of the VAST ChallengeWorkshop 2013 were published by IEEE conference proceedings.
• Location: Atlanta, USA
• Date: 13-18 Oct, 2013
• Partner Involved: UKON
• Level: International
• Audience: End-users, Industry, Researchers, Academia
Paper presentation at the “Symposium on Visualization for Cyber Security (VizSec)”.The paper entitled “BGPfuse: Using visual feature fusion for the detection and attri-bution of BGP anomalies” [14], which is written by S. Papadopoulos, G. Theodoridis,D. Tzovaras, has been presented at the “18th Symposium on Visualization for CyberSecurity (VizSec 2013)”, which is part of the Vis 2013 conference. This paper examinesthe use of visual feature fusion for the combination of multiple BGP features. The enduser is able to detect and attribute BGP anomalies that are characterized by multiplemetrics.
• Location: Atlanta, Georgia, USA
• Date: October 14, 2013
• Partner Involved: CERTH/ITI
• Level: International
• Audience: End-users, Industry, Researchers, Academia, Authorities
30 SEVENTH FRAMEWORK PROGRAMME
3.2 List of Dissemination Activities
3.2.3 Paper Publications in Journals
Paper publication at the “Security and Communication Networks”. The paper “Spam-mers Operations: A Multifaceted Strategic Analysis”, which is written by O. Thonnard,P.-A. Vervier and M. Dacier, was published at the Wiley, “Security and CommunicationNetworks” [16]. This paper explores several facets of spammers’ operations. First, theinterconnections between spam botnets that are used by spammers for sending unso-licited email in bulk through spam campaigns are investigated. Moreover, a conjectureabout the so-called “fly-by spammers”, i.e. or spammers hijacking unused IP space tosend spam in a stealthy way, is studied. Finally, focusing on a real use-case scenario,the impact of the Rustock takedown on the botnet ecosystem is examined through anin-depth analysis of real spam data.
• Date: October, 2012
• Partner Involved: Symantec
• Level: International
• Audience: End-users, Industry, Researchers, Academia
Paper publication at the “IEEE Network Magazine”. The paper “Visual Analyticsfor BGP Monitoring and Prefix Hijacking Identification”, which is written by E. Bier-sack, Q. Jacquemart, F. Fischer, J. Fuchs, O. Thonnard, G. Theodoridis, D. Tzovaras,P.-A. Vervier, was published at the “IEEE Network Magazine - Special Issue on Com-puter Network Visualization” [1]. This paper provides a survey of the most prominentvisualization methods that have been developed for BGP monitoring, focusing on theparticular tools that have been designed for the identification of prefix hijacks. More-over, as one of the paper’s primary goals, it is illustrated how network visualizationhas the potential to assist an analyst in detecting abnormal routing patterns in massiveamounts of BGP data. Furthermore, an analysis of a real validated case of prefix hi-jacking is described thoroughly, along with a proposed combined network analytics andvisualization methodology for facilitating the detection and assessment of such BGPsecurity incidents. It is worth noting that this study encompasses significant part ofthe extensive research and development work that has been performed within the VIS-SENSE project (State-of-the-Art analysis, novel network analytics methodologies forefficient BGP anomaly discovery and novel visualization techniques for effective identi-fication of the voluminous data), in order to achieve the challenging task of enhancingBGP hijacking reliable detection and attribution.
FP7-ICT-257495-VIS-SENSE 31
3 Accomplished Dissemination Activities
• Date: November/December, 2012
• Partner Involved: EURECOM, UKON, Symantec, CERTH
• Level: International
• Audience: End-users, Industry, Researchers, Academia
Paper publication at the “Computer Communication Review Journal”. The paper“A forensic case study on as hijacking: the attacker’s perspective” [15], written bySchlamp, J., Carle, G. and Biersack, E.W., was published at the “ACM SIGCOMMComputer Communication Review Journal, Volume 43 Issue 2 ” on April 2013. This pa-per introduces a system which (i) identifies hijacks using BGP, traceroute and IRR dataand (ii) investigates traffic originating from the reported networks with spam and netflowdata. It also presents a real case where suspicious BGP announcements coincided withspam and web scam traffic from corresponding networks and shows that a correlationof suspicious routing events with malicious activities is insufficient to evidence harmfulBGP hijacks.
• Date: April, 2013
• Partner Involved: EURECOM
• Level: International
• Audience: End-users, Industry, Researchers, Academia
Paper publication at the “Information Visualization Journal”. The paper entitled“BANKSAFE: Visual analytics for big data in large-scale computer networks” [3], writ-ten by F. Fischer, J. Fuchs, F. Mansmann and D. A. Keim, was published at the “In-formation Visualization Journal” on June 2013. According to this paper, given thereliance of businesses, public institutions and individuals on large computer networks,maintaining their security becomes essential to ensure integrity. Thus, in order to achievesituational awareness, the BANKSAFE framework is developed, which is a scalable, dis-tributed and web-based visualization system to analyze health monitoring data andsecurity datasets. It must be underlined that the aforementioned study, which entailsresearch and development work carried out within the VIS-SENSE project, won the“VAST 2012 Challenge Award: Outstanding comprehensive submission”.
• Date: June, 2013
32 SEVENTH FRAMEWORK PROGRAMME
3.2 List of Dissemination Activities
• Partner Involved: UKON
• Level: International
• Audience: End-users, Industry, Researchers, Academia
3.2.4 Publication of non-scientific material
Online article at “InnoVisions”. The article “Brille fur grobe Daten: Mit Visual An-alytics Sicherheitsfragen losen” (“Big-Data Spectacles: Solve Security Problems withVisual Analytics”)[21], written by Stephan Wengenroth, was published at the “Inno-Visions Journal” on March 2013. This paper examines the use of visual analytics toidentify network attack strategies and identify security-related events. The “InnoVisionsJournal” is distributed by means of a web magazine.
• Date: March, 2013
• Partner Involved: IGD
• Level: National
• Audience: End-users, Industry
Online article at “InnoVisions”. The article “Besserer Einblick ins Webgeschehen: Vi-sual Analytics macht Internetangriffe verstehbar” (“Improved Insights into Web-Events:Visual Analytics makes Internet Attacks understandable”)[20], written by Stephan Wen-genroth, was published at the “InnoVisions Journal” on May 2013. This paper examinesthe use of visual analytics tools, to support security experts by enabling them to iden-tify and comprehend the distribution and modus operandi of suspicious activities on theInternet. The “InnoVisions Journal” is distributed by means of a web magazine.
• Date: May, 2013
• Partner Involved: IGD
• Level: National
• Audience: End-users, Industry
FP7-ICT-257495-VIS-SENSE 33
3 Accomplished Dissemination Activities
Online article at “InnoVisions”. The article “Ins Auge gefasst: Visual Analytics machtBotnetze offensichtlich” (“Eye Catching: Visual Analytics makes Bot Nets palpable”)[10],written by Andreas Kunkel, was published at the “InnoVisions Journal” on October2013. This paper exploits the human perceptual ability by means of visual analytics in-terfaces, so as to and identify criminal activities in the general data flow of the Internet.The “InnoVisions Journal” is distributed by means of a web magazine.
• Date: October, 2013
• Partner Involved: IGD
• Level: National
• Audience: End-users, Industry
3.2.5 Participation in Security Events
Participation in the “Effectsplus Open Communications Event”. The VIS-SENSEwork has been presented in the “Effectsplus Open Communications” event, organizedby “The Effectsplus Consortium”. The main theme of the event was IT security for e-commerce. EU research project representatives attend this event in order to: 1) provideinformation on the trust and security project clustering activities, 2) provide the op-portunity to link with newly funded trust and security research projects and form newcollaborations, and 3) provide active projects with a valuable opportunity to providefeedback on previous clustering activities and voice their opinion on future potentialtopical workshops of interest.
• Location: Brussels, Belgium
• Date: February 2, 2013
• Partner Involved: IGD
• Level: European
• Audience: End-users, Industry, Researchers, Academia, Authorities
Participation in the “InnoVisions Days IT-Security Tag ”. The VIS-SENSE workhas been presented in the “InnoVisions Days IT-Security Tag ” event, which has asits main topic “IT security for e-commerce”. This event is organized by the German“E-Commerce and Distance Selling Trade Association (bvh)”, and “Fraunhofer IuK”.
34 SEVENTH FRAMEWORK PROGRAMME
3.2 List of Dissemination Activities
The involved parters showed the applicability of VIS-SENSE results to e-commerce ap-plications.
• Location: Nuremburg, Germany
• Date: October 8, 2013
• Partner Involved: IGD
• Level: National
• Audience: End-users, Industry, Researchers, Academia, Authorities
Participation in the “RIPE 67 event”. The VIS-SENSE work has been presented toan audience of premium interest, in a an event organized in Greece “RIPE 67 ”. TheRIPE event os a five-day event where where Internet Service Providers (ISPs), networkoperators and other interested parties gather to discuss issues of interest to the Internetcommunity. This event had more than 450 participants in 2013.
• Location: Athens, Greece
• Date: October 14-18, 2013
• Partner Involved: Symantec
• Level: International
• Audience: End-users, Industry, Researchers, Academia, Authorities
3.2.6 Guest Presentations
Presentation of VIS-SENSE methodologies to the “Head of Unit Future Networks”The VIS-SENSE work have been presented to the “Head of Unit Future Networks”, Mr.Luis Rodriguez-Rosello, at Fraunhofer IGD, so as to investigate the potential for transferof the technology to other domains.
• Location: Darmstadt, Germany
• Date: April, 4, 2013
• Partner Involved: IGD
• Audience: Industry, Authorities
FP7-ICT-257495-VIS-SENSE 35
3 Accomplished Dissemination Activities
Presentation of VIS-SENSE methodologies to representatives from “Singapore NanyangTechnological University” The VIS-SENSE work have been presented to representa-tives from “Singapore Nanyang Technological University” at Fraunhofer IGD. The aca-demic value of the results was discussed, as well as possible open challenges / possibilitiesfor cooperation.
• Location: Darmstadt, Germany
• Date: September, 23, 2013
• Partner Involved: IGD
• Audience: Researchers, Academia
3.2.7 Educational activities
Bachelor’s Thesis. Philipp Roskosch has acquired a Bachelor’s Degree in the researcharea of “Dynamic Sampling Using Degree of Interest for the Exploration of Very LargeMatrices”. The work of Philipp Roskosch has been utilized in VIS-SENSE to provideinteractive visual exploration of dense matrices. More particularly, a technique for thevisual exploration of large, dense similarity matrices is presented in this bachelor thesis.It enables the comparison of several dimensions of a multivariate dataset. Data arereduced using sampling methods for the purposes of visualization. Access times increasedramatically as matrix sizes increase, which is problematic for interaction. Thus, anumber of database management systems are considered and access times are comparedfor different sizes of matrix.
• Date: February, 2013
• Partner Involved: IGD
• Level: National
• Audience: Researchers, Academia
Bachelor’s Thesis. Maximilian Pohst has acquired a Bachelor’s Degree in the researcharea of “Definition of an Evaluation Process for Domain-Specific Visual Analytics So-lutions”. The work of Philipp Roskosch focused on the evaluation of complex softwaresystems. Traditional approaches in information visualization are generally focused onlaboratory environments in which very specific aspects of a system are rigorously eval-uated. This is problematic for visual analytics, since the goal here is to combine many
36 SEVENTH FRAMEWORK PROGRAMME
3.2 List of Dissemination Activities
techniques for the solution of problems. The evaluation of the systems as a whole isnecessary. Furthermore, visual analytics solutions are often aimed at very specific, smallgroups of domain experts. These experts do not have time for long, arduous experi-ments. In this thesis current methods are explored with these constraints in mind. Aproposal is then formulated for the evaluation and validation of visual analytics solutionsthroughout the implementation process.
• Date: November, 2013
• Partner Involved: IGD
• Level: National
• Audience: Researchers, Academia
FP7-ICT-257495-VIS-SENSE 37
3 Accomplished Dissemination Activities
Activity Type / Event Place Date PartnerInvolved
Participation in the VisWeek 2012 exhibition Seattle, WA, USA October,16-18, 2012
IGD
Participation in the “Effectsplus OpenCommunications Event”
Brussels, Belgium February 2,2013
IGD
Bachelor’s Thesis February,2013
IGD
Participation in the CeBIT exhibition Hannover,Germany
March, 5-9,2013
IGD
Online article on “InnoVisions” March, 2013 IGD
Guest presentation at the “Head of UnitFuture Networks”
Darmstadt,Germany
April, 4, 2013 IGD
Online article on “InnoVisions” May, 2013 IGD
Guest presentation at the “SingaporeNanyang Technological University”
Darmstadt,Germany
September,23, 2013
IGD
Participation in the “InnoVisions DaysIT-Security Tag”
Nuremburg,Germany
October 8,2013
IGD
Participation in the Vis 2013 exhibition Atlanta, GA, USA October,15-17, 2013
IGD
Online article on “InnoVisions” October,2013
IGD
Participation in the ICT 2013 exhibition Vilnius, Lithuania November,6-8, 2013
IGD,Symantec,UKON
Bachelor’s Thesis November,2013
IGD
Paper presentation at the “InternationalSymposium on Computer and InformationSciences”
Paris, France October, 3-4,2012
CERTH/ITI
Paper presentation at the “Symposium onVisualization for Cyber Security (VizSec)”
Seattle, WA, USA October, 15,2012
CERTH/ITI,Symantec
Paper presentation at the “InternationalConference on Cryptology and NetworkSecurity”
Darmstadt,Germany,
December12-14, 2012
CERTH/ITI
Table 3.1: Dissemination activities accomplished in the third year of VIS-SENSE
38 SEVENTH FRAMEWORK PROGRAMME
3.2 List of Dissemination Activities
Activity Type / Event Place Date PartnerInvolved
Paper presentation at the “10th InternationalConference on Digital Signal Processing”
Santorini, Greece July 1-3,2013
CERTH/ITI
Paper presentation at the “18th Symposiumon Visualization for Cyber Security (VizSec)”
Atlanta, GA, USA October 14,2013
CERTH/ITI
Paper presentation at the “IEEE Symposiumon Visual Analytics Science and Technology(VAST)”
Seattle, WA, USA October, 15,2012
UKON
Paper presentation at the “Symposium onVisualization for Cyber Security (VizSec)”
Seattle, WA, USA October, 15,2012
UKON,Symantec
Paper presentation at the “Conference onHuman Factors in Computing Systems”
Paris, France May 1-2,2013
UKON
Paper presentation at the “13th German ITSecurity Congress”
Bonn, Germany May 14-16,2013
UKON
Paper publication at the “InformationVisualization Journal”
June, 2013 UKON
Paper presentation at the “IEEE VIS 2013” Atlanta, GA, USA 13-18 Oct,2013
UKON
Paper presentation at the “InternationalConference on Mathematical Methods,Models, and Architectures for ComputerNetwork Security”
St. Petersburg,Russia
October,17-20, 2012
IT
Paper presentation at the “Annual ComputerSecurity Applications Conference”
Orlando, FL, USA October,December,3-7, 2012
IT
Paper publication at the “Security andCommunication Networks Journal”
October,2012
Symantec
Paper presentation at the “IEEEInternational Traffic Monitoring andAnalysis Work-shop (TMA)”
Turin, Italy April 14-19,2013
Symantec
Participation in the “RIPE 67 event” Athens, Greece October14-18, 2013
Symantec
Paper publication at the “IEEE NetworkMagazine”
November /December,2012
EURECOM,UKON,Symantec,CERTH
Paper publication at the “ComputerCommunication Review Journal”
April, 2013 EURECOM
Table 3.2: Dissemination activities accomplished in the third year of VIS-SENSE
FP7-ICT-257495-VIS-SENSE 39
4 Conclusions
This deliverable provides an exhaustive analysis of the dissemination roadmap, followedby the VIS-SENSE consortium during the third year of the project. The exact ele-ments that are utilized in order to disseminate the VIS-SENSE activities, and transferknowledge and experience to all interested parties, are discussed in detail in this report.
Specifically, this deliverable provides a consolidated list of the identified target groupsand the deployed communication channels that have been utilized during the third yearof the project. In addition, the whole set of the dissemination activities that have beenrealized during the third year of the VIS-SENSE are described in full detail, with respectto the utilized communication channels, as well as the target groups.
As far as the VIS-SENSE dissemination material is concerned, the deliverable providesa detailed description of relevant dissemination artefacts. In particular, the revisedflyer, a banner and the modifications to the website were presented. These changes arefocussed not only on dissemination within the final year of the project, but also on thedissemination activities which will continue after the conclusion of the projects. Thepartners are well equipped to begin there post-project dissemination and exploitationactivities.
40
Bibliography
[1] E. Biersack, Q. Jacquemart, F. Fischer, J. Fuchs, O. Thonnard, G. Theodoridis,D. Tzovaras, and P.-A. Vervier. Visual analytics for bgp monitoring and prefixhijacking identification. IEEE Network Magazine - Special Issue on Computer Net-work Visualization, 26(6):33–39, 2012.
[2] F. Fischer, J. Fuchs, F. Mansmann, and D. A. Keim. Banksafe: A visual situationalawareness tool for large-scale computer networks. In Proceedings of the IEEE Sym-posium on Visual Analytics Science and Technology 2012 (VAST Challenge 2012),October 2012.
[3] F. Fischer, J. Fuchs, F. Mansmann, and D. A. Keim. Banksafe: Visual analyticsfor big data in large-scale computer networks. Information Visualization Journal,June 2013.
[4] F. Fischer, J. Fuchs, F. Mansmann, and D. A. Keim. Visual analytics zur firewall-konfiguration und analyse von netzwerkverkehr. In Proceedings of the 13th GermanIT Security Congress, May 2013.
[5] F. Fischer, J. Fuchs, P.-A. Vervier, F. Mansmann, and O. Thonnard. Vistracer: Avisual analytics tool to investigate routing anomalies in traceroutes. In Proceedingsof the 9th Symposium Visualization for Cyber Security (VizSec 2012), October 2012.
[6] F. Fischer and D. A. Keim. Vacs: Visual analytics suite for cyber security - visualexploration of cyber security datasets. In Proceedings of the IEEE VIS 2013, Oct2013.
[7] J. Fuchs, F. Fischer, F. Mansmann, E. Bertini, and P. Isenberg. Evaluation of alter-native glyph designs for time series data in a small multiple setting. In Proceedingsof the Conference on Human Factors in Computing Systems (CHI 2013), May 2013.
[8] O. T. G. Theodoridis and D. Tzovaras. A novel unsupervised method for securingbgp against routing hijacks. In Proceedings of the 27th International Symposium onComputer and In- formation Sciences (ISCIS 2012), October 2012.
41
Bibliography
[9] J. Isacenkova, O. Thonnard, A. Costin, D. Balzarotti, and A. Francillon. Insidethe scam jungle: A closer look at 419 scam email operations. In Proceedings of theInternational Workshop on Cyber Crime (IWCC 2013), May 2013.
[10] A. Kunkel. Ins auge gefasst: Visual analytics macht botnetze offensichtlich. Inno-Visions Journal, Oct 2013.
[11] O. Levillain, A. Ebalard, B. Morin, and H. Debar. One year of ssl internet mea-surement. In Proceedings of the 2012 Annual Computer Security Applications Con-ference (ACSAC 2012), December 2012.
[12] Y. B. Mustapha, H. Debar, and G. Jacob. Limitation of honeypot/honeynetdatabases to enhance alert correlation. In Proceedings of the 6th International Con-ference on Mathematical Methods, Models, and Architectures for Computer NetworkSecurity (MMM-ACNS 2012), October 2012.
[13] S. Papadopoulos, K. Moustakas, and D. Tzovaras. Bgpviewer: Using graph repre-sentations to explore bgp routing changes. In Proceedings of the 10th InternationalConference on Digital Signal Processing (DSP 2013), July 2013.
[14] D. T. S. Papadopoulos, G. Theodoridis. Bgpfuse: Using visual feature fusion for thedetection and attribution of bgp anomalies. In Proceedings of the 10th Workshopon Visualization for Cyber Security, ACM, Oct 2013.
[15] J. Schlamp, G. Carle, and E. Biersack. A forensic case study on as hijacking:the attacker’s perspective. ACM SIGCOMM Computer Communication ReviewJournal, 43, April 2013.
[16] O. Thonnard, P.-A. Vervier, and M. Dacier. Spammers operations: A multifacetedstrategic analysis. Security and Communication Networks, 2012.
[17] O. Tsigkas, O. Thonnard, and D. Tzovaras. Visual spam campaigns analysis usingabstract graphs representation. In Proceedings of the 9th Symposium Visualizationfor Cyber Security (VizSec 2012), October 2012.
[18] O. Tsigkas and D. Tzovaras. Analysis of rogue antivirus campaigns using hiddenstructures in k-partite graphs. In Proceedings of the 11th International Conferenceon Cryptology and Net- work Security (CANS 2012), December 2012.
[19] P.-A. Vervier and O. Thonnard. Spamtracer: How stealthy are spammers? In Pro-ceedings of the 5th IEEE International Traffic Monitoring and Analysis Workshop,April 2013.
42 SEVENTH FRAMEWORK PROGRAMME
Bibliography
[20] S. Wengenroth. Besserer einblick ins webgeschehen: Visual analytics macht inter-netangriffe verstehbar. InnoVisions Journal, May 2013.
[21] S. Wengenroth. Brille fur grobe daten: Mit visual analytics sicherheitsfragen losen.InnoVisions Journal, March 2013.
FP7-ICT-257495-VIS-SENSE 43