Combining real-time risk visualization and anomaly detection

Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

Abstract

Traditional risk management produces a rather static listing of weaknesses, probabilities and mitigations. A large share of cyber security risks are realized through computer networks. These attacks or attack attempts produce events that are detected by various monitoring techniques such as Intrusion Detection Systems (IDS). Often the link between detecting these potentially dangerous real-time events and the risk management process is lacking or completely missing. This paper presents means for instantly transferring and visualizing network events in risk management with a tool called Metrics Visualization System (MVS). As a case study, the tool is used to dynamically visualize network security events of a Terrestrial Trunked Radio (TETRA) network running in a Software Defined Networking (SDN) context. Visualizations are presented as a tree-like graph that gives a quick, easily understandable overview of the cyber security situation. This paper also discusses which network security events are monitored and how they affect the more general risk levels. The major benefit of this approach is that the risk analyst is able to map the designed risk tree/security metrics onto actual real-time events and view the system's security posture with the help of a runtime visualization view.
Original language: English
Title of host publication: ECSA '18
Subtitle of host publication: Proceedings of the 12th European Conference on Software Architecture
Publisher: Association for Computing Machinery ACM
ISBN (Electronic): 978-1-4503-6483-6
DOIs: https://doi.org/10.1145/3241403.3241460
Publication status: Published - 24 Sep 2018
MoE publication type: Not Eligible
Event: 12th European Conference on Software Architecture, ECSA 2018 - Madrid, Spain
Duration: 24 Sep 2018 to 28 Sep 2018
Conference number: 12

Conference

Conference: 12th European Conference on Software Architecture, ECSA 2018
Abbreviated title: ECSA 2018
Country: Spain
City: Madrid
Period: 24/09/18 to 28/09/18

Fingerprint

Visualization
Risk management
Network security
Intrusion detection
Computer networks
Security systems
Monitoring

Keywords

  • Anomaly detection
  • Risk analysis
  • Risk management
  • Situational awareness
  • Visualization

Cite this

Väisänen, T., Noponen, S., Latvala, O. M., & Kuusijärvi, J. (2018). Combining real-time risk visualization and anomaly detection. In ECSA '18: Proceedings of the 12th European Conference on Software Architecture [a55] Association for Computing Machinery ACM. https://doi.org/10.1145/3241403.3241460