Articles

In this section you can read articles submitted by AEGIS members & associates.

Read articles on the latest trends in IT as well as Computer Science.

AEGIS members and also associates of our company submit articles every month. Subjects include Big Data, Cybersecurity, Data Visualization etc.

In addition, interesting articles and posts from various journals and/or sites can be found here.

The Power of Data Visualization

Spiros Fotis Jr.

Project Manager of AEGIS IT Research

Back in 1921, Frederick R. Barnard published a piece commending the effectiveness of graphics in advertising with the title “One look is worth a thousand words” [1] (https://www.phrases.org.uk/meanings/a-picture-is-worth-a-thousand-words). Almost 100 years later, in the IoT era, this phrase seems to become even more important as a huge amount of information and data is generated every day. The digital revolution we are experiencing has made it quite easy to record, collect and analyze data. Nevertheless, analysing seemingly infinite data in the hope of drawing useful insight for our business is a process whose scale the human brain cannot cope with easily. Our data-driven world demands ease of access to useful information at a glance! That’s where data visualization comes into play.

Visual information is the most valuable form of information for our brain. According to MIT, the human brain can process an image in just 13 milliseconds, and thus it comes as no surprise that 90% of the information transmitted to the brain is visual [2] (http://news.mit.edu/2014/in-the-blink-of-an-eye-0116). This agrees with the findings of a study from the University of Minnesota stating that human brains process visuals 60,000 times faster than they do text [3] (http://misrc.umn.edu/workingpapers/fullpapers/1986/8611.pdf).

Apparently, the human brain receives and processes visual information more effectively. People who follow directions with illustrations do 323% better than those who follow text-only directions. Remarkably, Cornell University found that if a scientific claim is presented in pure words or numbers, 68% of people will believe that the information is accurate and truthful. But if you put a simple graph with the claim, the number rises to 97% [4] (https://link.springer.com/article/10.1007/BF02765184)! Additionally, The Wharton School of Business found that while only half of an audience was convinced by a purely verbal presentation, that number jumped to over two thirds when visuals were added [5] (https://www.amanet.org/articles/using-visual-language-to-create-the-case-for-change/).

It now starts to make sense why data visualizations are so powerful. They allow for more efficient transfer of information within an organization, which will serve to make one’s business more efficient in general. With data only getting more important for organizations in the near future, using data effectively and efficiently to extract valuable insight may well provide the competitive advantage an organization needs. Utilizing an efficient, effective, and capable business intelligence tool that offers data visualization capabilities, like the AEGIS Visualization Toolkit, is an essential asset for organizations seeking to thrive in a highly competitive data-driven environment.

Posted by AegisDemoAdmin in Articles
Visualisations against challenges in Digital Forensics

Leonidas Kallipolitis

Technical Manager of AEGIS IT Research

As digital crimes continue to rise, the need for digital forensics also increases. Digital forensics is the scientific examination and analysis of data held on, or retrieved from, computer storage media in such a way that the information can be used as evidence in a court of law. Digital forensics as a discipline faces several challenges, both industrial and research ones:

Industrial Challenges

  • Security data is growing as organisations collect, process, and analyse more than six terabytes of security data monthly (Cybersecurity Analytics and Operations in Transition, http://esg-global.com/, 2017).
  • It is very difficult to keep up with the threat landscape as organisations are being overwhelmed by the scaling needs for big data forensics that consider both post-mortem and real-time processing and visualization of evidence.
  • Customers need to analyse security event data in real time for internal and external threat management which requires collecting, storing, analysing and reporting on log data for forensics and regulatory compliance, while maintaining the security and integrity of data.

Research Challenges

  • The growing size of heterogeneous data results in insufficient response times.
  • The growing sophistication of malware and attackers highlights the need for developing post compromise and real-time forensics services.
  • There is a need for advanced visualization methods to combine data from heterogeneous sources and to guide forensics investigators to identify areas warranting further review.
  • Intuitive, detailed and user-centric visualizations capable of managing, analysing and presenting large amount of forensics evidence in a user-friendly way have yet to be developed. Some of the drawbacks of existing visualisation frameworks include:
      • the need to use multiple tools;
      • the difficulty of taking information seen in one visualization tool and obtaining a different perspective in another tool;
      • many tools do not allow information to be imported from another tool;
      • the significant amount of time needed to go through all of the tools, collect the data, and then create a coherent report that can potentially be used as evidence in a court of law.
  • Better collection of effective data for post-incident security analysis.
  • Current cyber-forensic methodologies are not always fully extensible to traditional control systems architectures.
  • Correlation of forensic data collected by disparate cyber-centric security procedures and technologies (Firewalls [FW], Intrusion Detection Systems [IDS], Intrusion Prevention Systems [IPS], etc.), with device and control systems logging data.
  • Post-incident analysis is often dependent on vendor involvement, and any proactive understanding of device logging is often not required by the end user or incorporated into a defence-in-depth strategy.
  • Unforeseen interactions between the forensics tools and control systems.
  • Inclusion of real-time forensics tools for active analysis.
  • Increase in storage space on hard drives impacts both the performance utilization and the time when carrying out forensics tasks.

All these challenges point out that the application of information visualisation techniques to digital forensic data is invaluable. For example, gaining situational awareness of the status of a network consisting of multiple endpoint devices, network nodes like switches, and network security appliances like firewalls and intrusion detection systems would be unrealistic for a human to perform manually. The velocity of this data in a large network also tends to be very high. It would be extremely difficult for an analyst to maintain awareness of the hierarchy of the network and the typical activity which takes place across it, and to spot any anomalies in that activity.

Evidently, forensics data visualisation, as the visual interpretation of high-dimensional, high-volume data, is particularly appropriate for obtaining an overall view of a data set and locating important aspects within it. The main advantages of visualisations include: increased situational awareness; combination of data coming from heterogeneous sources; and accommodation of different views that allow users to quickly switch among them and get different perspectives of the data. Some disadvantages, on the other hand, can be interfaces with too much clutter that may confuse the operator; rendering delays in views incorporating large amounts of data; and, worse, views that mislead operators and result in wrong assumptions.

In conclusion, visualisations are the single easiest way for the human brain to interpret information. By leveraging data visualizations more in a digital evidence investigation workflow, investigators can discover new information that they might otherwise have missed and get to the key evidence in a much more efficient manner, suitable for growing data volumes. Innovative visualisation techniques like time-based analysis and preconfigured data views according to the currently investigated security incident would provide a great push to both active (live) and post-mortem digital forensics analysis.
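
The combination of heterogeneous sources and the time-based analysis mentioned above, as an added example that is not part of the original article: it normalises three differently formatted logs to UTC, merges them into one timeline, and produces the per-minute counts a time chart would plot. The log lines, formats, host names and function names are constructed for illustration, and the device log is assumed to be recorded in UTC.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timezone

# Constructed sample evidence: three sources, three timestamp conventions.
FIREWALL = """\
2024-03-01T10:00:05+02:00 fw01 DENY src=10.0.0.5 dst=10.0.0.9 dport=445
2024-03-01T10:00:41+02:00 fw01 DENY src=10.0.0.5 dst=10.0.0.10 dport=445
2024-03-01T10:03:10+02:00 fw01 ALLOW src=10.0.0.7 dst=10.0.0.9 dport=443
"""
IDS = """\
1709280012,ids01,10.0.0.5,SMB sweep signature
1709280300,ids01,10.0.0.7,TLS certificate mismatch
"""
DEVICE = "01/03/2024 08:00:30 plc07 10.0.0.5 failed login\n"  # assumed UTC

def parse_firewall(text):  # ISO 8601 with local offset -> UTC
    for line in text.splitlines():
        ts, _host, action, rest = line.split(" ", 3)
        src = re.search(r"src=(\S+)", rest).group(1)
        yield datetime.fromisoformat(ts).astimezone(timezone.utc), "firewall", src, f"{action} {rest}"

def parse_ids(text):  # epoch seconds -> UTC
    for line in text.splitlines():
        epoch, _host, src, msg = line.split(",", 3)
        yield datetime.fromtimestamp(int(epoch), timezone.utc), "ids", src, msg

def parse_device(text):  # day/month/year with no zone marker, treated as UTC
    for line in text.splitlines():
        d, t, _host, src, msg = line.split(" ", 4)
        ts = datetime.strptime(f"{d} {t}", "%d/%m/%Y %H:%M:%S").replace(tzinfo=timezone.utc)
        yield ts, "device", src, msg

def build_timeline():  # one ordered list of (utc_time, source, address, message)
    events = [*parse_firewall(FIREWALL), *parse_ids(IDS), *parse_device(DEVICE)]
    return sorted(events, key=lambda e: e[0])

def bucket_by_minute(timeline):  # rows for a stacked time chart
    buckets = defaultdict(Counter)
    for ts, source, _addr, _msg in timeline:
        buckets[ts.strftime("%Y-%m-%d %H:%M")][source] += 1
    return {minute: dict(counts) for minute, counts in buckets.items()}

def corroborated(timeline):  # (minute, address) seen by more than one source type
    seen = defaultdict(set)
    for ts, source, addr, _msg in timeline:
        seen[(ts.strftime("%Y-%m-%d %H:%M"), addr)].add(source)
    return sorted(key for key, sources in seen.items() if len(sources) > 1)
```

Feeding `bucket_by_minute(build_timeline())` to any charting tool gives the time-based view; `corroborated` marks the minutes where independent sources agree on the same address, which is where an investigator would look first.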

Posted by AegisDemoAdmin in Articles