Combining Real-Time Risk Visualization and Anomaly Detection

Title: Combining Real-Time Risk Visualization and Anomaly Detection
Publication Type: Conference Paper
Year of Publication: 2018
Authors: Väisänen, Teemu; Noponen, Sami; Latvala, Outi-Marja; Kuusijärvi, Jarkko
Conference Name: Proceedings of the 12th European Conference on Software Architecture: Companion Proceedings
ISBN Number: 978-1-4503-6483-6
Keywords: anomaly detection, human factors, Metrics, pubcrawl, resilience, risk analysis, risk management, Scalability, security risk management, situational awareness, visualization

Traditional risk management produces a rather static listing of weaknesses, probabilities and mitigations. A large share of cyber security risks are realized through computer networks. These attacks or attack attempts produce events that are detected by various monitoring techniques such as Intrusion Detection Systems (IDS). Often the link between detecting these potentially dangerous real-time events and the risk management process is lacking, or completely missing. This paper presents means for transferring and visualizing the network events in the risk management instantly with a tool called Metrics Visualization System (MVS). The tool is used to dynamically visualize network security events of a Terrestrial Trunked Radio (TETRA) network running in a Software Defined Networking (SDN) context as a case study. Visualizations are presented with a treelike graph that gives a quick, easily understandable overview of the cyber security situation. This paper also discusses what network security events are monitored and how they affect the more general risk levels. The major benefit of this approach is that the risk analyst is able to map the designed risk tree/security metrics into actual real-time events and view the system's security posture with the help of a runtime visualization view.

Citation Key: vaisanen_combining_2018