Enhancing Cyber Situation Awareness: Visualizing Advanced Persistent Threats as Complex Systems: Visualizing Advanced Persistent Threats as Complex Systems

Georgi Nikolov; Margaret Varga; April Rose Panganiban; Kaur Kullman; Valérie Lavigne

doi:10.1007/978-3-032-00633-2_6

Enhancing Cyber Situation Awareness: Visualizing Advanced Persistent Threats as Complex Systems: Visualizing Advanced Persistent Threats as Complex Systems

Georgi Nikolov
, Margaret Varga
, April Rose Panganiban
, Kaur Kullman
, Valérie Lavigne

Cyber Defence Lab

University of Oxford
Air Force Research Laboratory
University of Maryland Baltimore County
DRDC

Résultats de recherche: Chapitre dans un livre, un rapport, des actes de conférences › Contribution à une conférence › Revue par des pairs

Résumé

In recent years the field of Information Technologies has become ubiquitous, it is used to implement and manage private, public, government and military installations. This has led to massive growth in the threat landscape, attackers have ample time, resources, technologies and tools to design highly sophisticated attacks implementing Zero-Day Vulnerabilities and complex algorithms using polymorphic behaviour, putting a major strain on defenders. Rapid advancement of Advanced Persistent Threats (APT) poses a major security risk for online services, but even more so for critical government, financial, healthcare and military infrastructures. The difficulty in counteracting APTs is amplified by the increasing challenge of identifying and preparing countermeasures in time. There is ample research and documentation available, describing the life-cycle of various APTs and their Tactics Techniques and Practices (TTPs), but a lack of deeper understanding hinders timely detection to halt the attack. To better understand APTs and how they function, we propose addressing emergent cyber attacks from the perspective of Complex Systems and the application of Visual Analytics and visualization to enhance the level of understanding and Situation Awareness. In this paper, we discuss how we can analyse APTs from a Complex System perspective, the visualization techniques and visual analytics approaches used and how they can be applied for better detection, understanding and management.

langue originale	Anglais
titre	Availability, Reliability and Security - ARES 2025 International Workshops, Proceedings
Sous-titre	ARES 2025
rédacteurs en chef	Bart Coppens, Bruno Volckaert, Bjorn De Sutter, Vincent Naessens
Editeur	Springer
Pages	90-107
Nombre de pages	18
ISBN (Electronique)	978-3-032-00633-2
ISBN (imprimé)	978-3-032-00632-5
Les DOIs	https://doi.org/10.1007/978-3-032-00633-2_6 https://doi.org/10.1007/978-3-032-00633-2_6
état	Publié - 9 août 2025
Evénement	International Workshops on Availability, Reliability and Security, held under the umbrella of the 20th International conference on Availability, Reliability and Security, ARES 2025 - Ghent, Belgique Durée: 11 août 2025 → 14 août 2025

Série de publications

Nom	Lecture Notes in Computer Science
Volume	15995 LNCS
ISSN (imprimé)	0302-9743
ISSN (Electronique)	1611-3349

Une conférence

Une conférence	International Workshops on Availability, Reliability and Security, held under the umbrella of the 20th International conference on Availability, Reliability and Security, ARES 2025
Pays/Territoire	Belgique
La ville	Ghent
période	11/08/25 → 14/08/25

Accès au document

Autres fichiers et liens

Lien vers la publication dans Scopus

20th International Conference on Availability, Reliability and Security
Nikolov, G. (Participant)
11 août 2025 → 14 août 2025
Activité: Participation ou organisation d'un événement (conférence, campagne de mesure) › Participer à une conférence, à un atelier,...

Contient cette citation

Nikolov, G., Varga, M., Panganiban, A. R., Kullman, K., & Lavigne, V. (2025). Enhancing Cyber Situation Awareness: Visualizing Advanced Persistent Threats as Complex Systems: Visualizing Advanced Persistent Threats as Complex Systems. Dans B. Coppens, B. Volckaert, B. De Sutter, & V. Naessens (eds.), Availability, Reliability and Security - ARES 2025 International Workshops, Proceedings: ARES 2025 (p. 90-107). (Lecture Notes in Computer Science; Vol 15995 LNCS). Springer. https://doi.org/10.1007/978-3-032-00633-2_6, https://doi.org/10.1007/978-3-032-00633-2_6

Nikolov, Georgi ; Varga, Margaret ; Panganiban, April Rose et al. / Enhancing Cyber Situation Awareness: Visualizing Advanced Persistent Threats as Complex Systems : Visualizing Advanced Persistent Threats as Complex Systems. Availability, Reliability and Security - ARES 2025 International Workshops, Proceedings: ARES 2025. Editeur / Bart Coppens ; Bruno Volckaert ; Bjorn De Sutter ; Vincent Naessens. Springer, 2025. p. 90-107 (Lecture Notes in Computer Science).

@inproceedings{1a1f40c0576a4cdebe8e3f5bc9e68f45,

title = "Enhancing Cyber Situation Awareness: Visualizing Advanced Persistent Threats as Complex Systems: Visualizing Advanced Persistent Threats as Complex Systems",

abstract = "In recent years the field of Information Technologies has become ubiquitous, it is used to implement and manage private, public, government and military installations. This has led to massive growth in the threat landscape, attackers have ample time, resources, technologies and tools to design highly sophisticated attacks implementing Zero-Day Vulnerabilities and complex algorithms using polymorphic behaviour, putting a major strain on defenders. Rapid advancement of Advanced Persistent Threats (APT) poses a major security risk for online services, but even more so for critical government, financial, healthcare and military infrastructures. The difficulty in counteracting APTs is amplified by the increasing challenge of identifying and preparing countermeasures in time. There is ample research and documentation available, describing the life-cycle of various APTs and their Tactics Techniques and Practices (TTPs), but a lack of deeper understanding hinders timely detection to halt the attack. To better understand APTs and how they function, we propose addressing emergent cyber attacks from the perspective of Complex Systems and the application of Visual Analytics and visualization to enhance the level of understanding and Situation Awareness. In this paper, we discuss how we can analyse APTs from a Complex System perspective, the visualization techniques and visual analytics approaches used and how they can be applied for better detection, understanding and management.",

keywords = "Advanced Persistent Threat, Complex Systems, Visual Analytics, Visualization, Visual Hierarchy",

author = "Georgi Nikolov and Margaret Varga and Panganiban, \{April Rose\} and Kaur Kullman and Val{\'e}rie Lavigne",

note = "Publisher Copyright: {\textcopyright} The Author(s), under exclusive license to Springer Nature Switzerland AG 2025.; International Workshops on Availability, Reliability and Security, held under the umbrella of the 20th International conference on Availability, Reliability and Security, ARES 2025 ; Conference date: 11-08-2025 Through 14-08-2025",

year = "2025",

month = aug,

day = "9",

doi = "10.1007/978-3-032-00633-2\_6",

language = "English",

isbn = "978-3-032-00632-5",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "90--107",

editor = "Bart Coppens and Bruno Volckaert and \{De Sutter\}, Bjorn and Vincent Naessens",

booktitle = "Availability, Reliability and Security - ARES 2025 International Workshops, Proceedings",

}

Nikolov, G, Varga, M, Panganiban, AR, Kullman, K & Lavigne, V 2025, Enhancing Cyber Situation Awareness: Visualizing Advanced Persistent Threats as Complex Systems: Visualizing Advanced Persistent Threats as Complex Systems. Dans B Coppens, B Volckaert, B De Sutter & V Naessens (eds), Availability, Reliability and Security - ARES 2025 International Workshops, Proceedings: ARES 2025. Lecture Notes in Computer Science, VOL. 15995 LNCS, Springer, p. 90-107, International Workshops on Availability, Reliability and Security, held under the umbrella of the 20th International conference on Availability, Reliability and Security, ARES 2025, Ghent, Belgique, 11/08/25. https://doi.org/10.1007/978-3-032-00633-2_6, https://doi.org/10.1007/978-3-032-00633-2_6

Enhancing Cyber Situation Awareness: Visualizing Advanced Persistent Threats as Complex Systems: Visualizing Advanced Persistent Threats as Complex Systems. / Nikolov, Georgi; Varga, Margaret; Panganiban, April Rose et al.
Availability, Reliability and Security - ARES 2025 International Workshops, Proceedings: ARES 2025. Ed. / Bart Coppens; Bruno Volckaert; Bjorn De Sutter; Vincent Naessens. Springer, 2025. p. 90-107 (Lecture Notes in Computer Science; Vol 15995 LNCS).

Résultats de recherche: Chapitre dans un livre, un rapport, des actes de conférences › Contribution à une conférence › Revue par des pairs

TY - GEN

T1 - Enhancing Cyber Situation Awareness: Visualizing Advanced Persistent Threats as Complex Systems

T2 - International Workshops on Availability, Reliability and Security, held under the umbrella of the 20th International conference on Availability, Reliability and Security, ARES 2025

AU - Nikolov, Georgi

AU - Varga, Margaret

AU - Panganiban, April Rose

AU - Kullman, Kaur

AU - Lavigne, Valérie

N1 - Publisher Copyright: © The Author(s), under exclusive license to Springer Nature Switzerland AG 2025.

PY - 2025/8/9

Y1 - 2025/8/9

N2 - In recent years the field of Information Technologies has become ubiquitous, it is used to implement and manage private, public, government and military installations. This has led to massive growth in the threat landscape, attackers have ample time, resources, technologies and tools to design highly sophisticated attacks implementing Zero-Day Vulnerabilities and complex algorithms using polymorphic behaviour, putting a major strain on defenders. Rapid advancement of Advanced Persistent Threats (APT) poses a major security risk for online services, but even more so for critical government, financial, healthcare and military infrastructures. The difficulty in counteracting APTs is amplified by the increasing challenge of identifying and preparing countermeasures in time. There is ample research and documentation available, describing the life-cycle of various APTs and their Tactics Techniques and Practices (TTPs), but a lack of deeper understanding hinders timely detection to halt the attack. To better understand APTs and how they function, we propose addressing emergent cyber attacks from the perspective of Complex Systems and the application of Visual Analytics and visualization to enhance the level of understanding and Situation Awareness. In this paper, we discuss how we can analyse APTs from a Complex System perspective, the visualization techniques and visual analytics approaches used and how they can be applied for better detection, understanding and management.

AB - In recent years the field of Information Technologies has become ubiquitous, it is used to implement and manage private, public, government and military installations. This has led to massive growth in the threat landscape, attackers have ample time, resources, technologies and tools to design highly sophisticated attacks implementing Zero-Day Vulnerabilities and complex algorithms using polymorphic behaviour, putting a major strain on defenders. Rapid advancement of Advanced Persistent Threats (APT) poses a major security risk for online services, but even more so for critical government, financial, healthcare and military infrastructures. The difficulty in counteracting APTs is amplified by the increasing challenge of identifying and preparing countermeasures in time. There is ample research and documentation available, describing the life-cycle of various APTs and their Tactics Techniques and Practices (TTPs), but a lack of deeper understanding hinders timely detection to halt the attack. To better understand APTs and how they function, we propose addressing emergent cyber attacks from the perspective of Complex Systems and the application of Visual Analytics and visualization to enhance the level of understanding and Situation Awareness. In this paper, we discuss how we can analyse APTs from a Complex System perspective, the visualization techniques and visual analytics approaches used and how they can be applied for better detection, understanding and management.

KW - Advanced Persistent Threat

KW - Complex Systems

KW - Visual Analytics

KW - Visualization

KW - Visual Hierarchy

UR - https://www.scopus.com/pages/publications/105015520765

U2 - 10.1007/978-3-032-00633-2_6

DO - 10.1007/978-3-032-00633-2_6

M3 - Conference contribution

AN - SCOPUS:105015520765

SN - 978-3-032-00632-5

T3 - Lecture Notes in Computer Science

SP - 90

EP - 107

BT - Availability, Reliability and Security - ARES 2025 International Workshops, Proceedings

A2 - Coppens, Bart

A2 - Volckaert, Bruno

A2 - De Sutter, Bjorn

A2 - Naessens, Vincent

PB - Springer

Y2 - 11 August 2025 through 14 August 2025

ER -

Nikolov G, Varga M, Panganiban AR, Kullman K, Lavigne V. Enhancing Cyber Situation Awareness: Visualizing Advanced Persistent Threats as Complex Systems: Visualizing Advanced Persistent Threats as Complex Systems. Dans Coppens B, Volckaert B, De Sutter B, Naessens V, rédacteurs en chef, Availability, Reliability and Security - ARES 2025 International Workshops, Proceedings: ARES 2025. Springer. 2025. p. 90-107. (Lecture Notes in Computer Science). doi: 10.1007/978-3-032-00633-2_6, 10.1007/978-3-032-00633-2_6