City Research Online

User Behavior Map: Visual Exploration for Cyber Security Session Data

Chen, S., Chen, S., Andrienko, N. ORCID: 0000-0003-3313-1560, Andrienko, G. ORCID: 0000-0002-8574-6295, Nguyen, P. ORCID: 0000-0001-5643-0585, Turkay, C. ORCID: 0000-0001-6788-251X, Thonnard, O. and Yuan, X. (2019). User Behavior Map: Visual Exploration for Cyber Security Session Data. 2018 IEEE SYMPOSIUM ON VISUALIZATION FOR CYBER SECURITY (VIZSEC 2018), pp. 1-4. doi: 10.1109/VIZSEC.2018.8709223 ISSN 2639-4359

Abstract

User behavior analysis is complex and especially crucial in the cyber security domain. Understanding dynamic and multi-variate user behavior is challenging. Traditional sequential and timeline-based methods cannot easily address the complexity of temporal and relational features of user behaviors. We propose a map-based visual metaphor and create an interactive map for encoding user behaviors. It enables analysts to explore and identify user behavior patterns and helps them to understand why some behaviors are regarded as anomalous. We experiment with a real dataset containing multiple user sessions, consisting of sequences of diverse types of actions. In the behavior map, we encode an action as a city and user sessions as trajectories going through the cities. The position of the cities is determined by the sequential and temporal relationship of actions. Spatial and temporal patterns on the map reflect behavior patterns in the action space. In the case study, we illustrate how we explore relationships between actions, identify patterns of the typical session and detect anomalous behaviors.

Publication Type: Conference or Workshop Item (UNSPECIFIED)
Additional Information: © 2019 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
Publisher Keywords: Behavior Analysis; Map Metaphor; Cyber Security
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Departments: School of Mathematics, Computer Science & Engineering > Computer Science
URI: http://openaccess.city.ac.uk/id/eprint/23211
Text - Accepted Version (62kB)
