We present VIGOR, a novel interactive visual analytics system, for exploring and making sense of graph query results. VIGOR contributes an exemplar-based interaction technique and a feature-aware subgraph result summarization. Through a collaboration with Symantec, we demonstrate how VIGOR helps tackle real-world cybersecurity problems.
Smoke Detector significantly expands upon limited collections of hand-labeled security incidents by framing event data as relationships between events and machines, and performing random walks to rank candidate security incidents. Smoke Detector significantly increases incident detection coverage for mature Managed Security Service Providers.
We study the problem of determining the proper aggregation granularity for a stream of time-stamped edges. To this end, we propose ADAGE and demonstrate its value in automatically finding the appropriate aggregation intervals on edge streams for belief propagation to detect malicious files and machines.
We present AESOP, a scalable algorithm that identifies malicious executable files by leveraging a novel combination of locality-sensitive hashing and belief propagation. AESOP attained early labeling of 99% of benign files and 79% of malicious files with a 0.9961 true positive rate at 0.0001 false positive rate.