A tool to support the investigation and visualization of cyber and/or physical incidents
Inês Macedo, Sinan Wanous, Nuno Oliveira, Orlando Sousa, Isabel Praça

TL;DR
This paper presents an innovative investigation and visualization tool that integrates machine learning forecasts with a user-friendly interface to help security operators efficiently analyze system activity data and detect cyber or physical incidents.
Contribution
The paper introduces a novel tool combining dynamic visualization and machine learning to improve incident investigation and automate decision support in security monitoring.
Findings
Enhanced detection of incidents through integrated ML forecasts.
Improved user experience with intuitive visualization interface.
Automated suggestions aid in faster incident analysis.
Abstract
Efficiently investigating the data collected from a system's activity can help to detect malicious attempts and better understand the context behind past incident occurrences. Nowadays, several solutions can be used to monitor system activities to detect probable abnormalities and malfunctions. However, most of these systems overwhelm their users with vast amounts of information, making it harder for them to perceive incident occurrences and their context. Our approach combines a dynamic and intuitive user interface with Machine Learning forecasts to provide an intelligent investigation tool that facilitates the security operator's work. Our system can also act as an enhanced and fully automated decision support mechanism that provides suggestions about possible incident occurrences.
Taxonomy
Topics: Data Visualization and Analytics · Anomaly Detection Techniques and Applications · Network Security and Intrusion Detection
