-
Visilant: Visual Support for the Exploration and Analytical Process Tracking in Criminal Investigations
Authors:
Kristína Zákopčanová,
Marko Řeháček,
Jozef Bátrna,
Daniel Plakinger,
Sergej Stoppel,
Barbora Kozlíková
Abstract:
The daily routine of criminal investigators consists of a thorough analysis of highly complex and heterogeneous data of crime cases. Such data can consist of case descriptions, testimonies, criminal networks, spatial and temporal information, and virtually any other data that is relevant for the case. Criminal investigators work under heavy time pressure to analyze the data for relationships, propose and verify several hypotheses, and derive conclusions, while the data can be incomplete or inconsistent and is changed and updated throughout the investigation as new findings are added to the case. Based on a four-year intensive collaboration with criminalists, we present a conceptual design for a visual tool supporting the investigation workflow and Visilant, a web-based tool for the exploration and analysis of criminal data guided by the proposed design. Visilant aims to support primarily the exploratory part of the investigation pipeline, from case overview, through exploration and hypothesis generation, to the case presentation. Visilant tracks the reasoning process and, as the data changes, informs investigators which hypotheses are affected by the data change and should be revised. The tool was evaluated by senior criminology experts within two sessions and their feedback is summarized in the paper. Additional supplementary material contains the technical details and an example case study.
Submitted 21 September, 2020;
originally announced September 2020.
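The abstract's central mechanism is that a change to one piece of evidence should surface every hypothesis that rests on it. The following is an added illustration of that idea, not Visilant's own code: hypotheses record the evidence items they depend on and the evidence versions they were last reviewed against, so an update or retraction of an item flags exactly the dependent hypotheses. The case, evidence texts and identifiers (E1..E3, H1, H2) are constructed for the example.

```python
"""Evidence-to-hypothesis dependency tracking (added example, not Visilant code)."""
from dataclasses import dataclass, field


@dataclass
class Evidence:
    eid: str
    content: str
    version: int = 1          # bumped on every change so reviews can be compared
    retracted: bool = False


@dataclass
class Hypothesis:
    hid: str
    statement: str
    depends_on: set[str]                  # evidence ids this hypothesis rests on
    needs_review: bool = False
    reviewed_versions: dict[str, int] = field(default_factory=dict)


class CaseTracker:
    """Keeps evidence, hypotheses and the dependency edges between them."""

    def __init__(self) -> None:
        self.evidence: dict[str, Evidence] = {}
        self.hypotheses: dict[str, Hypothesis] = {}

    def add_evidence(self, eid: str, content: str) -> None:
        if eid in self.evidence:
            raise ValueError(f"evidence {eid} already exists; use update_evidence")
        self.evidence[eid] = Evidence(eid, content)

    def add_hypothesis(self, hid: str, statement: str, depends_on: set[str]) -> None:
        unknown = set(depends_on) - set(self.evidence)
        if unknown:
            raise ValueError(f"hypothesis {hid} cites unknown evidence {sorted(unknown)}")
        h = Hypothesis(hid, statement, set(depends_on))
        # remember which evidence versions the hypothesis was formed against
        h.reviewed_versions = {e: self.evidence[e].version for e in depends_on}
        self.hypotheses[hid] = h

    def _flag_dependents(self, eid: str) -> list[str]:
        affected = sorted(h.hid for h in self.hypotheses.values() if eid in h.depends_on)
        for hid in affected:
            self.hypotheses[hid].needs_review = True
        return affected

    def update_evidence(self, eid: str, content: str) -> list[str]:
        """Change an evidence item; returns the hypotheses that must be revised."""
        ev = self.evidence[eid]
        ev.content = content
        ev.version += 1
        ev.retracted = False
        return self._flag_dependents(eid)

    def retract_evidence(self, eid: str) -> list[str]:
        """Withdraw an item (e.g. a recanted statement); dependents are flagged."""
        ev = self.evidence[eid]
        ev.retracted = True
        ev.version += 1
        return self._flag_dependents(eid)

    def mark_reviewed(self, hid: str) -> None:
        h = self.hypotheses[hid]
        h.reviewed_versions = {e: self.evidence[e].version for e in h.depends_on}
        h.needs_review = False

    def pending_review(self) -> list[str]:
        return sorted(h.hid for h in self.hypotheses.values() if h.needs_review)

    def stale_evidence(self, hid: str) -> list[str]:
        """Evidence items that changed since the hypothesis was last reviewed."""
        h = self.hypotheses[hid]
        return sorted(e for e in h.depends_on
                      if self.evidence[e].version != h.reviewed_versions.get(e))


def build_demo_case() -> CaseTracker:
    """Constructed example case; the evidence and hypotheses are fictional."""
    t = CaseTracker()
    t.add_evidence("E1", "Witness A places the suspect at the bar around 22:00")
    t.add_evidence("E2", "Phone cell data: suspect's handset near the bar 21:40-22:30")
    t.add_evidence("E3", "Station CCTV shows the suspect on platform 2 at 22:10")
    t.add_hypothesis("H1", "Suspect was at the bar at 22:00", {"E1", "E2"})
    t.add_hypothesis("H2", "Suspect took the 22:15 train", {"E3"})
    return t


if __name__ == "__main__":
    t = build_demo_case()
    print("after E2 correction:",
          t.update_evidence("E2", "Corrected cell data: handset near the station 21:40-22:30"))
    print("after E3 retraction:", t.retract_evidence("E3"))
    t.mark_reviewed("H1")
    print("still pending:", t.pending_review())
```

Storing the reviewed evidence versions on the hypothesis rather than a single boolean lets the tool tell the investigator not only that H1 needs attention but which of its inputs moved, which is the part of the review that costs time.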
-
Exploratory Analysis of File System Metadata for Rapid Investigation of Security Incidents
Authors:
Michal Beran,
Frantisek Hrdina,
Daniel Kouril,
Radek Oslejsek,
Kristina Zakopcanova
Abstract:
Investigating cybersecurity incidents requires in-depth knowledge from the analyst. Moreover, the whole process is demanding due to the vast data volumes that need to be analyzed. While various techniques exist nowadays to help with particular tasks of the analysis, the process as a whole still requires a lot of manual activities and expert skills. We propose an approach that allows disk snapshots to be analyzed more efficiently and with lower demands on expert knowledge. Following a user-centered design methodology, we implemented an analytical tool to guide analysts during security incident investigations. The viability of the solution was validated by an evaluation conducted with members of different security teams.
Submitted 5 March, 2021; v1 submitted 3 September, 2020;
originally announced September 2020.
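As an added example of what exploratory analysis of file system metadata from a disk snapshot looks like in practice (this is not the authors' tool), the script below loads a constructed metadata listing, flattens every timestamp into a sortable timeline, and applies three starter heuristics an analyst would reach for: activity inside the incident window, a modification time earlier than the file's birth time (a timestomping indicator), and executables under temporary directories. The listing, paths, uid 33 and the incident window are all constructed for the example.

```python
"""Timeline and heuristic triage over file system metadata (added example)."""
import csv
import io
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed listing standing in for metadata parsed from a disk snapshot.
# Columns: path, size, owner uid, octal mode, birth / modify / change time (UTC).
SAMPLE_LISTING = """path,size,uid,mode,btime,mtime,ctime
/usr/bin/ls,142144,0,0755,2023-04-01T10:00:00Z,2023-04-01T10:00:00Z,2023-04-01T10:00:00Z
/etc/passwd,2412,0,0644,2023-04-01T10:00:00Z,2024-02-10T03:12:44Z,2024-02-10T03:12:44Z
/tmp/.x/kworkerd,81520,33,0755,2024-02-10T03:11:02Z,2021-01-01T00:00:00Z,2024-02-10T03:11:02Z
/var/www/html/up.php,1310,33,0644,2024-02-10T03:05:19Z,2024-02-10T03:05:19Z,2024-02-10T03:05:19Z
/home/alice/notes.txt,9000,1000,0644,2023-12-01T09:00:00Z,2023-12-01T09:00:00Z,2023-12-01T09:00:00Z
"""

TEMP_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")


@dataclass(frozen=True)
class FileRecord:
    path: str
    size: int
    uid: int
    mode: int           # permission bits, parsed from the octal string
    btime: datetime     # birth / creation time
    mtime: datetime     # last content modification
    ctime: datetime     # last inode / metadata change


def parse_ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def load_listing(text: str) -> list[FileRecord]:
    rows = csv.DictReader(io.StringIO(text))
    return [FileRecord(r["path"], int(r["size"]), int(r["uid"]), int(r["mode"], 8),
                       parse_ts(r["btime"]), parse_ts(r["mtime"]), parse_ts(r["ctime"]))
            for r in rows]


def build_timeline(records: list[FileRecord]) -> list[tuple[datetime, str, str]]:
    """Flatten every timestamp into (time, path, event) and sort chronologically."""
    events = []
    for rec in records:
        events.extend([(rec.btime, rec.path, "created"),
                       (rec.mtime, rec.path, "modified"),
                       (rec.ctime, rec.path, "changed")])
    return sorted(events)


def flag_records(records: list[FileRecord], window_start: datetime,
                 window_end: datetime) -> dict[str, list[str]]:
    """Return {path: [flags]} for files that trip at least one heuristic."""
    flagged: dict[str, list[str]] = {}
    for rec in records:
        flags = []
        if any(window_start <= t <= window_end for t in (rec.btime, rec.mtime, rec.ctime)):
            flags.append("in_window")
        # A file cannot be modified before it was created, so mtime < btime
        # points at a backdated modification time (timestomping).
        if rec.mtime < rec.btime:
            flags.append("timestomp")
        if rec.path.startswith(TEMP_DIRS) and rec.mode & 0o111:
            flags.append("exec_in_tmp")
        if flags:
            flagged[rec.path] = flags
    return flagged


def analyze(text: str, window_start: datetime, window_end: datetime):
    records = load_listing(text)
    return build_timeline(records), flag_records(records, window_start, window_end)


if __name__ == "__main__":
    start, end = parse_ts("2024-02-10T03:00:00Z"), parse_ts("2024-02-10T04:00:00Z")
    timeline, flags = analyze(SAMPLE_LISTING, start, end)
    for t, path, event in timeline:
        if start <= t <= end:
            print(t.isoformat(), event, path)
    for path, fl in flags.items():
        print(path, fl)
```

Note what the timeline alone would do with the backdated binary: its 2021 modification time sorts to the very top, far outside the incident window, which is why a consistency check across the file's own timestamps has to sit next to the chronological view rather than after it.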
-
Timely Feedback in Unstructured Cybersecurity Exercises
Authors:
Jan Vykopal,
Radek Ošlejšek,
Karolína Burská,
Kristína Zákopčanová
Abstract:
Cyber defence exercises are intensive, hands-on learning events for teams of professionals who gain or develop their skills to successfully prevent and respond to cyber attacks. The exercises mimic the real-life, routine operation of an organization which is being attacked by an unknown offender. Teams of learners receive very limited immediate feedback from the instructors during the exercise; they can usually see only a scoreboard showing the aggregated gain or loss of points for particular tasks. An in-depth analysis of learners' actions requires considerable human effort, which results in days or weeks of delay. The intensive experience is thus not followed by proper feedback facilitating actual learning, and this diminishes the effect of the exercise.
In this initial work, we investigate how to provide valuable feedback to learners right after the exercise without any unnecessary delay. Based on the scoring system of a cyber defence exercise, we have developed a new feedback tool that presents an interactive, personalized timeline of exercise events. We deployed this tool during an international exercise, where we monitored participants' interactions and gathered their reflections. The results show that learners did use the new tool and rated it positively. Since this new feature is not bound to a particular defence exercise, it can be applied to all exercises that employ scoring based on the evaluation of individual exercise objectives. As a result, it enables the learner to immediately reflect on the experience gained.
Submitted 26 December, 2017;
originally announced December 2017.