The first DiSIEM scientific publication was recently presented at EuroVA – 8th International EuroVis Workshop on Visual Analytics. The paper entitled A Visual Analytics Approach for User Behaviour Understanding through Action Sequence Analysis presents an approach to provide a comprehensive understanding of user behaviour through the visual analysis of action sequences, and was developed in a joint work of City University of London, Fraunhofer IAIS and Amadeus.

This work tackles a limitation of existing SIEMs, and in particular their UBA (User Behavior Analytics) modules, by providing proper means for summarising session data in simple visual objects.

The whole team is to be congratulated for the first of many publications to come.

 

More information:

Full reference:
Phong H. Nguyen, Cagatay Turkay, Gennady Andrienko, Natalia Andrienko and Olivier Thonnard. A Visual Analytics Approach for User Behaviour Understanding through Action Sequence Analysis. Proceedings of 8th International EuroVis Workshop on Visual Analytics (EuroVA 2017), June 12-13, 2017, Barcelona, Spain.

Paper Abstract:
Analysis of action sequence data provides new opportunities to understand and model user behaviour. Such data are often in the form of timestamped and labelled series of atomic user actions. Cyber security is one of the domains that show the value of the analysis of these data. Elaborate and specialised models of user-behaviour are desired for effective decision making during investigation of cyber threats. However, due to their complex nature, activity sequences are not yet well-exploited within cyber security systems. In this paper, we describe the initial phases of a visual analytics approach that aims to enable a rich understanding of user behaviour through the analysis of user activity sequences. First, we discuss a motivating case study and discuss a number of high level requirements as derived from a series of workshops within an ongoing research project. We then present the components of a visual analytics approach that constitutes a novel combination of “action space” analysis, pattern mining, and the interactive visual analysis of multiple sequences to take the initial steps towards a comprehensive understanding of user behaviour.