Combining real-time risk visualization and anomaly detection

    Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

    Abstract

    Traditional risk management produces a rather static listing of weaknesses, probabilities and mitigations. A large share of cyber security risks are realized through computer networks. These attacks or attack attempts produce events that are detected by various monitoring techniques such as Intrusion Detection Systems (IDS). Often the link between detecting these potentially dangerous real-time events and the risk management process is lacking or completely missing. This paper presents a means of instantly transferring network events into risk management and visualizing them there with a tool called Metrics Visualization System (MVS). As a case study, the tool is used to dynamically visualize network security events of a Terrestrial Trunked Radio (TETRA) network running in a Software Defined Networking (SDN) context. Visualizations are presented as a tree-like graph that gives a quick, easily understandable overview of the cyber security situation. This paper also discusses which network security events are monitored and how they affect the more general risk levels. The major benefit of this approach is that the risk analyst is able to map the designed risk tree/security metrics onto actual real-time events and view the system's security posture with the help of a runtime visualization view.
    Original language: English
    Title of host publication: ECSA '18
    Subtitle of host publication: Proceedings of the 12th European Conference on Software Architecture
    Publisher: Association for Computing Machinery ACM
    ISBN (Electronic): 978-1-4503-6483-6
    DOIs: https://doi.org/10.1145/3241403.3241460
    Publication status: Published - 24 Sep 2018
    MoE publication type: Not Eligible
    Event: 12th European Conference on Software Architecture, ECSA 2018 - Madrid, Spain
    Duration: 24 Sep 2018 to 28 Sep 2018
    Conference number: 12

    Conference

    Conference: 12th European Conference on Software Architecture, ECSA 2018
    Abbreviated title: ECSA 2018
    Country: Spain
    City: Madrid
    Period: 24/09/18 to 28/09/18

    Fingerprint

    Visualization
    Risk management
    Network security
    Intrusion detection
    Computer networks
    Security systems
    Monitoring

    Keywords

    • Anomaly detection
    • Risk analysis
    • Risk management
    • Situational awareness
    • Visualization

    Cite this

    Väisänen, T., Noponen, S., Latvala, O. M., & Kuusijärvi, J. (2018). Combining real-time risk visualization and anomaly detection. In ECSA '18: Proceedings of the 12th European Conference on Software Architecture [a55] Association for Computing Machinery ACM. https://doi.org/10.1145/3241403.3241460
    @inproceedings{8267ab5d3133494b8ffc4a6f5bb99756,
    title = "Combining real-time risk visualization and anomaly detection",
    keywords = "Anomaly detection, Risk analysis, Risk management, Situational awareness, Visualization",
    author = "Teemu V{\"a}is{\"a}nen and Sami Noponen and Latvala, {Outi Marja} and Jarkko Kuusij{\"a}rvi",
    year = "2018",
    month = "9",
    day = "24",
    doi = "10.1145/3241403.3241460",
    language = "English",
    booktitle = "ECSA '18",
    publisher = "Association for Computing Machinery ACM",
    address = "United States",

    }

    TY - GEN

    T1 - Combining real-time risk visualization and anomaly detection

    AU - Väisänen, Teemu

    AU - Noponen, Sami

    AU - Latvala, Outi Marja

    AU - Kuusijärvi, Jarkko

    PY - 2018/9/24

    Y1 - 2018/9/24

    KW - Anomaly detection

    KW - Risk analysis

    KW - Risk management

    KW - Situational awareness

    KW - Visualization

    UR - http://www.scopus.com/inward/record.url?scp=85055714371&partnerID=8YFLogxK

    U2 - 10.1145/3241403.3241460

    DO - 10.1145/3241403.3241460

    M3 - Conference article in proceedings

    AN - SCOPUS:85055714371

    BT - ECSA '18

    PB - Association for Computing Machinery ACM

    ER -