@inproceedings{blumenstein_livevis_2017, address = {Phoenix, Arizona USA}, title = {{LiveVis}: {Visualizing} {Results} of {Second} {Screen} {Surveys} in {Real} {Time} at {TV} {Stages}}, abstract = {Opinion polls are omnipresent in broadcasting concepts and play an important role in live TV settings. However, involving the audience more intensively in both, the studio as well as at home in front of the television sets, and bringing them together using real-time interaction is still an open challenge. To tackle this aspect, we present LiveVis – a dynamic circle packing visualization with color coding. LiveVis visualizes data based on an individual web questionnaire which is filled out using a second screen device and is embedded into the TV stage in real time. A proof of concept prototype was implemented and applied during several stage events such as the c-tv conference which is produced as a TV show and streamed live over the internet. User feedback showed that the interactive real time survey was very well received by the audience.}, booktitle = {Workshop {Vis} in {Practice} - {Visualization} {Solutions} in the {Wild}, {IEEE} {VIS} 2017}, publisher = {IEEE}, author = {Blumenstein, Kerstin and Leitner, Bianca and Thür, Niklas and Kirchknopf, Armin and Seidl, Markus and Aigner, Wolfgang}, year = {2017}, note = {Projekt: MEETeUX Projekt: VALID}, keywords = {2017, Center for Artificial Intelligence, Forschungsgruppe Media Computing, Institut für Creative Media Technologies, Publikationstyp Präsentation, Publikationstyp Schriftpublikation, TV, information visualisation, mobile, second screen, television, ⛔ No DOI found}, } @inproceedings{blumenstein_bringing_2017, title = {Bringing {Your} {Own} {Device} into {Multi}-device {Ecologies} - {A} {Technical} {Concept}}, url = {http://mc.fhstp.ac.at/sites/default/files/publications/1040_Blumenstein.pdf}, doi = {10/ghppx8}, abstract = {Almost every visitor brings their own mobile device (e.g., smartphone or tablet) to the museum. Although, many museums include interactive exhibits (e.g., multi-touch tables), the visitors’ own devices are rarely used as part of a device ecology. Currently, there is no suitable infrastructure to seamlessly link different devices in museums. Our approach is to integrate the visitor’s own device in a multi-device ecology (MDE) in the museum to enhance the visitor’s exhibition experience. Thus, we present a technical concept to set up such MDEs integrating the well-established TUIO framework for multi-touch interaction on and between devices.}, booktitle = {Proceedings of the 2017 {ACM} {International} {Conference} on {Interactive} {Surfaces} and {Spaces}}, publisher = {ACM}, author = {Blumenstein, Kerstin and Kaltenbrunner, Martin and Seidl, Markus and Breban, Laura and Thür, Niklas and Aigner, Wolfgang}, month = oct, year = {2017}, note = {Projekt: MEETeUX}, keywords = {Center for Artificial Intelligence, FH SP Data Analytics \& Visual Computing, Forschungsgruppe Media Computing, Institut für Creative Media Technologies, Poster, Publikationstyp Schriftpublikation, Wiss. Beitrag, best, best-kblumenstein, best-lbseidl, peer-reviewed}, pages = {306--311}, } @article{wagner_knowledge-assisted_2017, title = {A knowledge-assisted visual malware analysis system: design, validation, and reflection of {KAMAS}}, issn = {0167-4048}, shorttitle = {A knowledge-assisted visual malware analysis system}, url = {http://www.sciencedirect.com/science/article/pii/S0167404817300263}, doi = {10/b5j9}, abstract = {IT-security experts engage in behavior-based malware analysis in order to learn about previously unknown samples of malicious software (malware) or malware families. For this, they need to find and categorize suspicious patterns from large collections of execution traces. Currently available systems do not meet the analysts' needs which are described as: visual access suitable for complex data structures, visual representations appropriate for IT-security experts, provision of workflow-specific interaction techniques, and the ability to externalize knowledge in the form of rules to ease the analysis process and to share with colleagues. To close this gap, we designed and developed KAMAS, a knowledge-assisted visualization system for behavior-based malware analysis. This paper is a design study that describes the design, implementation, and evaluation of the prototype. We report on the validation of KAMAS with expert reviews, a user study with domain experts and focus group meetings with analysts from industry. Additionally, we reflect on the acquired insights of the design study and discuss the advantages and disadvantages of the applied visualization methods. An interesting finding is that the arc-diagram was one of the preferred visualization techniques during the design phase but did not provide the expected benefits for finding patterns. In contrast, the seemingly simple looking connection line was described as supportive in finding the link between the rule overview table and the rule detail table which are playing a central role for the analysis in KAMAS.}, number = {67}, urldate = {2017-02-17}, journal = {Computers \& Security}, author = {Wagner, Markus and Rind, Alexander and Thür, Niklas and Aigner, Wolfgang}, year = {2017}, note = {Projekt: KAVA-Time}, keywords = {Department Medien und Digitale Technologien, Department Technologie, FH SP Data Analytics \& Visual Computing, Forschungsgruppe Digital Technologies, Forschungsgruppe Media Computing, Institut für Creative Media Technologies, Publikationstyp Schriftpublikation, Visual Computing, Visual analytics, Wiss. Beitrag, behavior-based, best, best-lbaigner, best-lbwagnerm, design study, interactive, knowledge generation, malicious software, malware analysis, peer-reviewed, prototype, visualization}, pages = {1--15}, } @inproceedings{schick_supporting_2017, address = {Phoenix, Arizona, USA}, title = {Supporting {Knowledge}-assisted {Rule} {Creation} in a {Behavior}-based {Malware} {Analysis} {Prototype}}, url = {http://mc.fhstp.ac.at/sites/default/files/publications/vizsec-poster-2017.pdf}, abstract = {The ever increasing number of malicious software (malware) requires domain experts to shift their analysis process towards more individualized approaches to acquire more information about presently unknown malware samples. KAMAS is a knowledge-assisted visual analytics prototype for behavioral malware analysis, which allows IT-security experts to categorize and store potentially harmful system call sequences (rules) in a knowledge database. In order to meet the increasing demand for individualization of analysis processes, analysts have to be able to create individual rules. This paper is a visualization design study, which describes the design and implementation of a separate Rule Creation Area (RCA) into KAMAS and its evaluation by domain experts. It became clear that continuous integration of experts in interaction processes improves the analysis and knowledge generation mechanism of KAMAS. Additionally, the outcome of the evaluation revealed that there is a demand for adjustment and re-usage of already stored rules in the RCA.}, booktitle = {Poster of the 14th {Workshop} on {Visualization} for {Cyber} {Security} ({VizSec})}, author = {Schick, Johannes and Wagner, Markus and Thür, Niklas and Niederer, Christina and Rottermanner, Gernot and Tavolato, Paul and Aigner, Wolfgang}, month = oct, year = {2017}, note = {Projekt: KAVA-Time}, keywords = {2017, Forschungsgruppe Digital Technologies, Forschungsgruppe Media Computing, Institut für Creative Media Technologies, Knowledge-assisted Visualization, Publikationstyp Präsentation, Publikationstyp Schriftpublikation, User-Centered Design, Visual analytics, explicit knowledge, information visualization}, } @inproceedings{thur_big2-kamas:_2017, address = {Phoenix, Arizona, USA}, title = {{BiG2}-{KAMAS}: {Supporting} {Knowledge}-{Assisted} {Malware} {Analysis} with {Bi}-{Gram} {Based} {Valuation}}, url = {http://mc.fhstp.ac.at/sites/default/files/publications/vizsec-poster-2017%20%281%29.pdf}, abstract = {Malicious software, short malware, refers to software programs that are designed to cause damage or to perform unwanted actions on the infected computer system. The behavior-based analysis of malware typically utilizes tools that produce lengthy traces of observed events, which have to be analyzed manually or by means of individual scripts. Due to the growing amount of data extracted from malware samples, analysts are in need of an interactive tool that supports them in their exploration efforts. In this respect, the use of visual analytics methods and stored expert knowledge helps the user to speed up the exploration process and, furthermore, to improve the quality of the outcome. In this paper, the previously developed KAMAS concept is extended with components such as a bi-gram based valuation approach to cover further malware analysts’ needs. The components have been integrated a new prototype which was evaluated by two domain experts in a detailed user study.}, booktitle = {Poster of the 14th {Workshop} on {Visualization} for {Cyber} {Security} ({VizSec})}, author = {Thür, Niklas and Wagner, Markus and Schick, Johannes and Niederer, Christina and Eckel, Jürgen and Luh, Robert and Aigner, Wolfgang}, month = oct, year = {2017}, note = {Projekt: KAVA-Time}, keywords = {2017, Forschungsgruppe Digital Technologies, Forschungsgruppe Media Computing, Institut für Creative Media Technologies, Knowledge-assisted Visualization, Publikationstyp Präsentation, Publikationstyp Schriftpublikation, User-Centered Design, Visual analytics, explicit knowledge, information visualization}, } @inproceedings{thur_bigram_2017, address = {St. Pölten}, title = {A {Bigram} {Supported} {Generic} {Knowledge}-{Assisted} {Malware} {Analysis} {System}: {BiG2}-{KAMAS}}, url = {http://mc.fhstp.ac.at/sites/default/files/publications/Thuer_B2KAMAS_2017.pdf}, abstract = {Malicious software, short "malware", refers to software programs that are designed to cause damage or to perform unwanted actions on the infected computer system. Behavior-based analysis of malware typically utilizes tools that produce lengthy traces of observed events, which have to be analyzed manually or by means of individual scripts. Due to the growing amount of data extracted from malware samples, analysts are in need of an interactive tool that supports them in their exploration efforts. In this respect, the use of visual analytics methods and stored expert knowledge helps the user to speed up the exploration process and, furthermore, to improve the quality of the outcome. In this paper, the previously developed KAMAS prototype is extended with additional features such as the integration of a bi-gram based valuation approach to cover further malware analysts’ needs. The result is a new prototype which was evaluated by two domain experts in a detailed user study.}, booktitle = {Proceedings of the 10th {Forum} {Media} {Technology} 2017}, publisher = {CEUR-WS}, author = {Thür, Niklas and Wagner, Markus and Schick, Johannes and Niederer, Christina and Eckel, Jürgen and Luh, Robert and Aigner, Wolfgang}, month = nov, year = {2017}, note = {Projekt: KAVA-Time}, keywords = {2017, Design Study, Forschungsgruppe Digital Technologies, Forschungsgruppe Media Computing, Institut für Creative Media Technologies, Publikationstyp Präsentation, Publikationstyp Schriftpublikation, Visual analytics, behavior-based, interactive, knowledge generation, malicious software, malware analysis, peer-reviewed, prototype, visualization}, pages = {107--115}, } @inproceedings{schick_rule_2017, address = {St. Pölten}, title = {Rule {Creation} in a {Knowledge}-assisted {Visual} {Analytics} {Prototype} for {Malware} {Analysis}}, url = {http://mc.fhstp.ac.at/sites/default/files/publications/Schick_RuleCreation_2017.pdf}, abstract = {The increasing number of malicious software (malware) requires domain experts to shift their analysis process towards more individualized approaches to acquire more information about unknown malware samples. KAMAS is a knowledge-assisted visual analytics prototype for behavioral malware analysis. It allows IT-security experts to categorize and store potentially harmful system call sequences (rules) in a knowledge database. To meet the increasing demand for individualization of analysis processes, analysts should be able to create individual rules. This paper is a visualization design study, which describes the design and implementation of a Rule Creation Area (RCA) into KAMAS and its evaluation by domain experts. It became clear that continuous integration of experts in interaction processes improves the knowledge generation mechanism of KAMAS. Additionally, the outcome of the evaluation revealed that there is a demand for adjustment and re-usage of already stored rules in the RCA.}, booktitle = {Proceedings of the 10th {Forum} {Media} {Technology} 2017}, publisher = {CEUR-WS}, author = {Schick, Johannes and Wagner, Markus and Thür, Niklas and Niederer, Christina and Rottermanner, Gernot and Tavolato, Paul and Aigner, Wolfgang}, month = nov, year = {2017}, note = {Projekt: KAVA-Time}, keywords = {2017, Design Study, Forschungsgruppe Digital Technologies, Forschungsgruppe Media Computing, Institut für Creative Media Technologies, Publikationstyp Präsentation, Publikationstyp Schriftpublikation, Visual analytics, behavior-based, interactive, knowledge generation, malicious software, malware analysis, peer-reviewed, prototype, visualization}, pages = {116--123}, }