PUMA publications for /tag/VisualAnalyticsMon Mar 18 16:37:00 CET 20241st Japan Visualization Symposium (JapanVis 2024)AlertSets: Supporting Exploratory Analysis of Cybersecurity Alerts through Sets2024DesignStudy VisualAnalytics cybersecurity sets visualization visus:beckerfa visus:ertl visus:mueller Security providers typically deal with large numbers of alerts based on heterogeneous data from many endpoint sensors. While the number of alerts is generally much smaller than the volume of raw data, most alerts are false positives that do not reflect genuinely malicious activity. All types of experts work on such alerts, be it to determine whether they are indeed false positives, to build machine learning models to support their analysis or to keep an eye on the current threat landscape. We conducted a design study to support a diverse group of experts whose working environments are connected to the same alert data. Based on an ongoing industry project that clusters vectorized alerts, we designed and evaluated a visual analytics system enabling exploration via powerful, easy-to-understand filtering mechanisms framed through set operations. In this article, we describe our system, give a detailed breakdown of the design process and the lessons we learned. Lastly, we discuss the results from expert interviews, which showed the set-based framing to align with experts’ intuitive approach to data analysis and helped users uncover improvement opportunities for the clustering pipeline.Mon Mar 18 10:53:07 CET 20242020 IEEE Symposium on Visualization for Cyber Security (VizSec)oct25-29Interpretable Visualizations of Deep Neural Networks for Domain Generation Algorithm Detection2020Cybersecurity DomainGenerationAlgorithms VisualAnalytics Visualization vis4ai visus:beckerfa visus:ertl visus:mueller Due to their success in many application areas, deep learning models have found wide adoption for many problems. However, their black-box nature makes it hard to trust their decisions and to evaluate their line of reasoning. In the field of cybersecurity, this lack of trust and understanding poses a significant challenge for the utilization of deep learning models. Thus, we present a visual analytics system that provides designers of deep learning models for the classification of domain generation algorithms with understandable interpretations of their model. We cluster the activations of the model's nodes and leverage decision trees to explain these clusters. In combination with a 2D projection, the user can explore how the model views the data at different layers. In a preliminary evaluation of our system, we show how it can be employed to better understand misclassifications, identify potential biases and reason about the role different layers in a model may play.VisualAnalyticsCommunity for tag(s) VisualAnalytics