Attacking information visualization system usability overloading and deceiving the human

Authors:
Gregory Conti;Mustaque Ahamad;John Stasko
Affiliations:
Georgia Institute of Technology;Georgia Institute of Technology;Georgia Institute of Technology
Venue:
SOUPS '05 Proceedings of the 2005 symposium on Usable privacy and security
Year:
2005

Citing 18
Cited 8

The visual display of quantitative information

The visual display of quantitative information
Envisioning information

Envisioning information
Fourteen Ways to Say Nothing With Scientific Visualization

Computer
How not to lie with visualization

Computers in Physics
Visual explanations: images and quantities, evidence and narrative

Visual explanations: images and quantities, evidence and narrative
The grammar of graphics

The grammar of graphics
How to Lie with Charts

How to Lie with Charts
The Psychology of Human-Computer Interaction

The Psychology of Human-Computer Interaction
Writing Secure Code

Writing Secure Code
Guarding the next Internet frontier: countering denial of information attacks

Proceedings of the 2002 workshop on New security paradigms
Threat Modeling

Threat Modeling
The Spinning Cube of Potential Doom

Communications of the ACM - Wireless sensor networks
Passive visual fingerprinting of network attack tools

Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
Interface Illusions

IEEE Security and Privacy
Why computer scientists should attend hacker conferences

Communications of the ACM - The disappearing computer
How to Lie With Statistics

How to Lie With Statistics
A Framework for Countering Denial-of-Information Attacks

IEEE Security and Privacy
Visual Exploration of Malicious Network Objects Using Semantic Zoom, Interactive Encoding and Dynamic Queries

VIZSEC '05 Proceedings of the IEEE Workshops on Visualization for Computer Security

Tool update: high alarm count issues in IDS rainstorm

Proceedings of the 3rd international workshop on Visualization for computer security
Visualizations to improve reactivity towards security incidents inside corporate networks

Proceedings of the 3rd international workshop on Visualization for computer security
Visual security monitoring gadgets

Proceedings of the 5th annual conference on Information security curriculum development
Toward a Scalable Visualization System for Network Traffic Monitoring

IEICE - Transactions on Information and Systems
Domain Specific Intended Use Evaluation Method: Intrusion Detection Specific Intended Use Evaluation Method

ISA '09 Proceedings of the 3rd International Conference and Workshops on Advances in Information Security and Assurance
Malicious interface design: exploiting the user

Proceedings of the 19th international conference on World wide web
Cybersecurity for critical infrastructures: attack and defense modeling

IEEE Transactions on Systems, Man, and Cybernetics, Part A: Systems and Humans
NAVSEC: a recommender system for 3D network security visualizations

Proceedings of the Tenth Workshop on Visualization for Cyber Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

Information visualization is an effective way to easily comprehend large amounts of data. For such systems to be truly effective, the information visualization designer must be aware of the ways in which their system may be manipulated and protect their users from attack. In addition, users should be aware of potential attacks in order to minimize or negate their effect. These attacks target the information visualization system as well as the perceptual, cognitive and motor capabilities of human end users. To identify and help counter these attacks we present a framework for information visualization system security analysis, a taxonomy of visualization attacks and technology independent principles for countering malicious visualizations. These themes are illustrated with case studies and working examples from the network security visualization domain, but are widely applicable to virtually any information visualization system.