PERCIVAL: Proactive and rEactive attack and Response assessment for Cyber Incidents using Visual AnaLytics

Situational awareness is a key concept in cyber-defence. Its goal is to make the user aware of different and complex aspects of the network he or she is monitoring. This paper proposes PERCIVAL, a novel visual analytics environment that contributes to situational awareness by allowing the user to understand the network security status and to monitor security events that are happening on the system. The proposed visualization allows for comparing the proactive security analysis with the actual attack progress, providing insights on the effectiveness of the mitigation actions the system has triggered against the attack and giving an overview of the possible attack's evolution. Moreover, the same visualization can be fruitfully used in the proactive analysis since it allows for getting details on computed attack paths and evaluating the mitigation actions that have been proactively computed by the system. A preliminary user study provided a positive feedback on the prototype implementation of the system. A video of the system is available at: https://youtu.be/uMpYCJCX95k.