Combining real-time risk visualization and anomaly detection

Teemu Väisänen, Sami Noponen, Outi Marja Latvala, Jarkko Kuusijärvi

    Research output: Chapter in Book/Report/Conference proceedingConference article in proceedingsScientificpeer-review

    2 Citations (Scopus)

    Abstract

    Traditional risk management produces a rather static listing of weaknesses, probabilities and mitigations. Large share of cyber security risks realize through computer networks. These attacks or attack attempts produce events that are detected by various monitoring techniques such as Intrusion Detection Systems (IDS). Often the link between detecting these potentially dangerous real-time events and risk management process is lacking, or completely missing. This paper presents means for transferring and visualizing the network events in the risk management instantly with a tool called Metrics Visualization System (MVS). The tool is used to dynamically visualize network security events of a Terrestrial Trunked Radio (TETRA) network running in Software Defined Networking (SDN) context as a case study. Visualizations are presented with a treelike graph, that gives a quick easily understandable overview of the cyber security situation. This paper also discusses what network security events are monitored and how they affect the more general risk levels. The major benefit of this approach is that the risk analyst is able to map the designed risk tree/security metrics into actual real-time events and view the system's security posture with the help of a runtime visualization view.
    Original languageEnglish
    Title of host publicationECSA '18
    Subtitle of host publicationProceedings of the 12th European Conference on Software Architecture
    PublisherAssociation for Computing Machinery ACM
    ISBN (Electronic)978-1-4503-6483-6
    DOIs
    Publication statusPublished - 24 Sept 2018
    MoE publication typeNot Eligible
    Event12th European Conference on Software Architecture, ECSA 2018 - Madrid, Spain
    Duration: 24 Sept 201828 Sept 2018
    Conference number: 12

    Conference

    Conference12th European Conference on Software Architecture, ECSA 2018
    Abbreviated titleECSA 2018
    Country/TerritorySpain
    CityMadrid
    Period24/09/1828/09/18

    Keywords

    • Anomaly detection
    • Risk analysis
    • Risk management
    • Situational awareness
    • Visualization

    Fingerprint

    Dive into the research topics of 'Combining real-time risk visualization and anomaly detection'. Together they form a unique fingerprint.

    Cite this