Complex dependencies exist across the technology estate, users and purposes of machines. This can make it difficult to efficiently detect attacks. Visualization to date is used to communicate patterns of raw system logs, or to visualize the output of detection systems and has obvious extensions in cyber security decision making. This research area explores novel approaches to help identify and communicate insight about cyber security, in particular cyber attacks to different types of audiences including lay people, risk owners, business owners and security analysts. This research involves identifying capability gaps in generating threat insights and situational awareness to end users in order for them to make well-informed decisions about what to do once a cyber attack has been detected, or help users detect attacks in the first place. The research makes use of user studies to also obtain feedback (qualitative and quantitative) about the performance and usefulness of the visualization techniques proposed.

• Jassim Happa

• Jassim Happa, Ioannis Agrafiotis, Martin Helmhout, Thomas Bashford-Rogers, Michael Goldsmith, Sadie Creese. Assessing a Decision Support Tool for SOC Analysts. Digital Threats Research and Practice (DTRAP). 2021.
• Alain Gómez-Cabrera, Ponciano J. Escamilla-Ambrosio, Abraham Rodríguez-Mota, and Jassim Happa. Towards a Visual Grammar for IoT Systems Representation and their Cybersecurity Requirements. In Colombian Conference on Communications and Computing (COLCOM), IEEE, 2020.
• Jassim Happa, Thomas Bashford-Rogers, Ioannis Agrafiotis, Michael Goldsmith, and Sadie Creese. Anomaly Detection Using Pattern-of-Life Visual Metaphors. IEEE Access. 2019.
• Kholood Al Tabash and Jassim Happa. Insider-threat detection using gaussian mixture models and sensitivity profiles. Computers & Security. 2018.
• Munir Geden and Jassim Happa. Classification of malware families based on runtime behaviour. In International Symposium on Cyberspace Safety and Security. Springer. 2018.
• Christian Vaas and Jassim Happa. Detecting disguised processes using application-behavior profiling. In International Symposium on Technologies for Homeland Security (HST). IEEE. 2017.
• Jassim Happa. Addressing Uncertainty using Hypothesis-Uncertainty Graphs. Critical Visualization Symposium. Oxford. 2017.
• Arnau Erola, Ioannis Agrafiotis, Jassim Happa, Michael Goldsmith, Sadie Creese, and Philip A. Legg. RicherPicture: Semi-automated cyber defence using context-aware data analytics. In International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA), IEEE, 2017.
• Sadie Creese, Michael Goldsmith, Nick Moffat, Jassim Happa, and Ioannis Agrafiotis. Cybervis: visualizing the potential impact of cyber attacks on the wider enterprise. In IEEE International Conference on Technologies for Homeland Security (HST). IEEE. 2013.
• James Nicholls, Dominik Peters, Albert Slawinski, Thomas Spoor, Sergiu Vicol, Jassim Happa, Michael Goldsmith, and Sadie Creese. NetVis: a Visualization Tool Enabling Multiple Perspectives of Network Traffic Data. In Eurographics, UK Chapter. 2013.