VIAssist helps you analyze network traffic and security event data by providing scalable, visual representations of your cyber data.

Computer networks are growing larger and more complex as commercial and government entities have increasingly come to depend on the cyber infrastructure. Against this backdrop of increased complexity and reliance on the network infrastructure, the number of cyber attacks against critical cyber-infrastructure have also increased. The stakes have increased as well. The 2007 Russian cyber attack against Estonia hints at the future of cyber warfare: coordinated bots can attack and cripple the cyber-infrastructure of a nation.

To combat this threat, the Secure Decisions division of Applied Visions Inc. is developing technolo-gies for cyber defenders to facilitate the discovery, analysis and understanding of cyber attacks. This collaborative visual analytics platform, VIAssist, enhances Situational Awareness (SA), facilitates collaboration and enables the analysis and understanding of cyber events. VIAssist links mul-tiple visualizations into a multi-display system that enhances SA through multiple levels of visual analysis, from a high-level dashboard overview to powerful visualizations to the low-level textual details of cyber-related data. This enables analysts to view network and event data from multiple perspectives and levels of details.

A Cognitive Task Analysis (CTA) of cyber defenders in commercial and military environments informed the system’s design; for example, motivating the collaborative and reporting functionality that differentiate VIAssist from other visualization systems. Based on the results of the CTA, we know that cyber defenders need to be able to understand the big picture, to answer questions they didn’t know they had, to put events into their larger context, to collaborate and generate hypotheses with other cyber defenders and to clearly and accurately report their hypothesis and findings. VIAssist provides an intuitive, customizable dashboard to provide a big picture view. Multiple visualizations are linked together to facilitate exploration and discovery. Different kinds of visualizations are provided to enable the analysis of events in network, temporal, and geographic contexts.

Collaboration is supported in multiple ways: through shared lists of critical and potentially malicious IP addresses, annotations, workspaces, and expressions. Embedded communication and reporting tools enable analysts to easily create and reuse templates that allow less-technical users to understand findings through the visualizations.

VIAssist was demonstrated at the 2006 Coalition Warrior Interoperability Demonstration, where it was named one of the "Top Technology Trials" for that important annual international military exercise. You can read about it here (see page 5).

This project is currently funded by the Department of Homeland Security Science and Technology Directorate through BAA07-09, Cyber Security Research and Development (CSRD).