PUMA publications for https://puma.ub.uni-stuttgart.de/ (PUMA RSS feed, generated 2024-03-19T10:14:53+01:00)

Title: Qualitative Experteninterviews: Konzeptionelle Grundlagen und praktische Durchführung
Author: R. Kaiser
Year: 2021 (2nd ed. 2021), Wiesbaden
Series: Elemente der Politik
Entry type: Guidebook (Ratgeber); 1 online resource (XVII, 182 pages, 21 figures)
Record: https://puma.ub.uni-stuttgart.de/bibtex/22b9d78757bb891f8de64fbcea23f9f06/droessler (posted by droessler, 2024-03-19T09:10:50+01:00)
Tags: Datenerhebung Experte Interview Lehrbuch Methode Methodologie Politische Umfrage experteninterviews interviews
Contents: Introduction -- Conceptual and methodological foundations of qualitative expert interviews -- Planning and conducting qualitative expert interviews -- The results of qualitative expert interviews: analysis and interpretation -- Reflection: common problems and approaches to solving them -- Annotated selection of literature.

Title: AlertSets: Supporting Exploratory Analysis of Cybersecurity Alerts through Sets
Authors: F. Becker, C. Müller, D. Karpuk, and T. Ertl
Year: 2024
Venue: 1st Japan Visualization Symposium (JapanVis 2024)
Note: non-archival conference publication
Record: https://puma.ub.uni-stuttgart.de/bibtex/27c962cd5283e3aa070839ed649f69ee8/franziskabecker (posted by franziskabecker, 2024-03-18T16:37:00+01:00; also listed under the group visus at https://puma.ub.uni-stuttgart.de/bibtex/27c962cd5283e3aa070839ed649f69ee8/visus)
Tags: DesignStudy VisualAnalytics cybersecurity myown sets visualization
Abstract: Security providers typically deal with large numbers of alerts based on heterogeneous data from many endpoint sensors. While the number of alerts is generally much smaller than the volume of raw data, most alerts are false positives that do not reflect genuinely malicious activity. All types of experts work on such alerts, be it to determine whether they are indeed false positives, to build machine learning models to support their analysis or to keep an eye on the current threat landscape. We conducted a design study to support a diverse group of experts whose working environments are connected to the same alert data. Based on an ongoing industry project that clusters vectorized alerts, we designed and evaluated a visual analytics system enabling exploration via powerful, easy-to-understand filtering mechanisms framed through set operations. In this article, we describe our system, give a detailed breakdown of the design process and the lessons we learned. Lastly, we discuss the results from expert interviews, which showed the set-based framing to align with experts' intuitive approach to data analysis and helped users uncover improvement opportunities for the clustering pipeline.

Title: Interactive Process Tree Analysis: Exploring the Behaviour of Processes with Visual Analytics for Security Operators
Authors: R. Rapp, C. Müller, F. Becker, P. Palumbo, and T. Ertl
Year: 2021
Venue: IEEE Symposium on Visualization for Cyber Security (VizSec)
Entry type: Conference Poster
Record: https://puma.ub.uni-stuttgart.de/bibtex/2437be1e711ca0c9a4f8dd99d695cc27c/franziskabecker (posted by franziskabecker, 2024-03-18T16:22:18+01:00; also listed under the group visus at https://puma.ub.uni-stuttgart.de/bibtex/2437be1e711ca0c9a4f8dd99d695cc27c/visus)
Tags: cybersecurity myown visualization
Abstract: Despite constant efforts to improve automation for IT security incidents, analysts are often confronted with numerous alerts and have to make sure that they do not miss the most critical of them. The analysts need to quickly decide based on a plethora of yet incomplete information. This information often includes a tree of parent and child processes in real-world scenarios. We present an augmented visualisation of such a process tree, which not only shows the static hierarchy as previous ones do, but also conveys the temporal relation between processes, thus allowing for investigating the hierarchy and time perspective of the process tree at the same time. Furthermore, it makes additional process-related events collected by endpoint sensors accessible for a more complete view on process behaviour.