• D7.2 VIS-SENSE Website and Logo (M3)

    The VIS-SENSE logo and website were completed with the delivery of deliverable D7.2 VIS-SENSE Public and Private Website and VIS-SENSE Logo. The logo and public website are briefly described here.
  • D1.1 Analysis of Current Practices (M6)

    This document provides an overview of the fields of visual analytics and network security analytics. It details the state-of-the-art techniques, algorithms and tools, which were developed in the past and are in use.
  • D2.1 Network Information Sources (M6)

    This deliverable provides an overview of the data sources that are directly relevant to the VIS-SENSE project. Publicly accessible datasets for BGP interaction, datasets developed in the WOMBAT project and blacklisting and email reputation services are considered.
  • D3.1 Specification of the Network Analytics Algorithms (M9)

    The algorithms required for the VIS-SENSE network analytics layer are described in this deliverable. The problems considered include feature selection, data fusion, clustering, attack attribution, alert correlation and the identification of abnormal behaviour.
  • D1.2 Use Case Analysis and User Scenarios (M12)

    This deliverable identifies user requirements and describes the user scenarios that will drive the development of a bespoke visual analytics framework for security analysis and visualization. It will provide a starting point for a more detailed specification of the overall VIS-SENSE system architecture.
  • D7.1.1 Initial Dissemination Report (M12)

    This deliverable is the first dissemination report of the VIS-SENSE project. It contains a description of the dissemination activities of the first year of the project. These included scientific publications, invited talks, participation in clustering activities, as well as the creation of a project website.
  • D2.2 Data Collection Infrastructure (M18)

    The VIS-SENSE data collection infrastructure and the associated data sets are presented in this project deliverable. The SGNET, HARMUR, SpamCloud, Spamtracer and BGPDB data sets are presented, as well as a new version of the WOMBAT API. This was extended to provide access to the VIS-SENSE data sets.
  • D3.2 Correlation Analysis and Abnormal Event Detection Module (M24)

    This deliverable describes the anomaly detection algorithms threat monitoring and BGP hijack detection. Both distance and non-distance based approaches were developed for threat monitoring. In addition, variety of features were extracted from raw BGP data and correlated in order to improve hijack detection.
  • D3.3 Attack Attribution Module (M24)

    This deliverable presents the attack attribution module, which is part of the network analytics work package. Attack attribution aims at identifying large-scale security phenomena and linking them to the same root cause.
  • D4.1 Visual Network Analysis Module (M24)

    This deliverable presents the visualization components developed for the interactive analysis of nettwork events and for attack attribution. In addition, two novel visual-interactive feature selection methods are presented.
  • D4.2 Visual Correlation Analysis Module (M24)

    In this deliverable, three visual analytics tools for correlation analysis are presented. ClockView and ClockMap enable monitoring of large netorks at host level. VisTracer enables the correlation of BGP routing path changes in the data and control planes.
  • D4.3 Visual Analysis System for Interactive Scalable Analysis (M24)

    Scalable interactive visualizations are presented in this deliverable. These focus on the analysis of TRIAGE clusters using node-link diagrams and pixel-based representations. In addition a prototype system is presented which combines different visualization techniques and applies them to large security data sets.
  • D7.1.2 Intermediate Dissemination Report (M24)

    This deliverable is the intermediate dissemination report of the VIS-SENSE project. It contains a description of the dissemination activities of the second year of the project. These included scientific publications, the redesign of the project website and the creation of a project flyer.
  • D6.1 Threat Landscape Identification Scenario (M36)

    In this deliverable a series of case studies are presented to illustrate the application of the VIS-SENSE framework to the analysis of the Internet Threat Landscape. The datasets considered include scam attacks, spam attacks and web threats.
  • D6.2 BGP Analysis Scenario (M36)

    The application of the VIS-SENSE framework in the analysis of the Internet control plane (BGP) is presented in this deliverable. The document presents three case studies in detail, in which it is shown that the BGP is abused for malicious purposes.
  • D6.3 VIS-SENSE Framework Evaluation (M38)

    A series of evaluations of the VIS-SENSE framework are presented in this deliverable. These include the validation of requirements, an evaluation of glyph perception, participation in an international competition and a field study.
  • D7.1.3 Final Dissemination Report (M38)

    This deliverable is the final dissemination report of the VIS-SENSE project. It contains a description of the dissemination activities of the third year of the project. These included scientific publications, exhibitions, additions to the project website and the creation of a project flyer.
  • D7.4 Report on Standardisation Efforts (M38)

    The networking and standardization activities of the VIS-SENSE project are described in this deliverable. The networking activities aimed at making academia and industry aware of the project and its results. The standardization activities aimed to contribute insights gained in the project to a wider community.