Despite constant efforts to improve automation for IT security incidents, analysts are often confronted with numerous alerts and have to make sure that they do not miss the most critical of them. The analysts need to decide quickly based on a plethora of yet incomplete information. This information often includes a tree of parent and child processes in real-world scenarios. We present an augmented visualisation of such a process tree, which not only shows the static hierarchy as previous visualisations do, but also conveys the temporal relation between processes, thus allowing the hierarchy and the time perspective of the process tree to be investigated at the same time. Furthermore, it makes additional process-related events collected by endpoint sensors accessible for a more complete view of process behaviour.
%0 Generic
%1 rapp2021interactive
%A Rapp, Robert-Carl
%A Müller, Christoph
%A Becker, Franziska
%A Palumbo, Paolo
%A Ertl, Thomas
%B IEEE Symposium on Visualization for Cyber Security (VizSec)
%D 2021
%I IEEE
%K cybersecurity myown visualization visus:beckerfa visus:ertl visus:mueller visus:rapprt
%T Interactive Process Tree Analysis: Exploring the Behaviour of Processes with Visual Analytics for Security Operators
%X Despite constant efforts to improve automation for IT security incidents, analysts are often confronted with numerous alerts and have to make sure that they do not miss the most critical of them. The analysts need to quickly decide based on a plethora of yet incomplete
information. This information often includes a tree of parent and child processes in real-world scenarios. We present an augmented visualisation of such a process tree, which not only shows the static hierarchy as previous ones do, but also conveys the temporal relation between processes, thus allowing for investigating the hierarchy and time perspective of the process tree at the same time. Furthermore, it makes additional process-related events collected by endpoint
sensors accessible for a more complete view on process behaviour.
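% Conference poster entry (see the description field). The fields added-at,
% biburl, interhash, intrahash and timestamp are export metadata from the
% service named in biburl; standard styles ignore unknown fields, so they are
% kept for provenance only and do not affect the rendered reference.
@inproceedings{rapp2021interactive,
  author      = {Rapp, Robert-Carl and M{\"u}ller, Christoph and Becker, Franziska and Palumbo, Paolo and Ertl, Thomas},
  title       = {Interactive Process Tree Analysis: Exploring the Behaviour of Processes with Visual Analytics for Security Operators},
  booktitle   = {{IEEE} Symposium on Visualization for Cyber Security ({VizSec})},
  publisher   = {IEEE},
  year        = {2021},
  language    = {en},
  keywords    = {cybersecurity myown visualization visus:beckerfa visus:ertl visus:mueller visus:rapprt},
  description = {Conference Poster},
  abstract    = {Despite constant efforts to improve automation for IT security incidents, analysts are often confronted with numerous alerts and have to make sure that they do not miss the most critical of them. The analysts need to quickly decide based on a plethora of yet incomplete information. This information often includes a tree of parent and child processes in real-world scenarios. We present an augmented visualisation of such a process tree, which not only shows the static hierarchy as previous ones do, but also conveys the temporal relation between processes, thus allowing for investigating the hierarchy and time perspective of the process tree at the same time. Furthermore, it makes additional process-related events collected by endpoint sensors accessible for a more complete view on process behaviour.},
  added-at    = {2024-03-18T16:22:18.000+0100},
  timestamp   = {2024-04-04T10:58:38.000+0200},
  biburl      = {https://puma.ub.uni-stuttgart.de/bibtex/2437be1e711ca0c9a4f8dd99d695cc27c/franziskabecker},
  interhash   = {9c6eb647be65ec6480867986d6acc4e4},
  intrahash   = {437be1e711ca0c9a4f8dd99d695cc27c},
}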