Visual Data Analysis in cybersecurity education and forensic anthropology Radek Ošlejšek – Faculty of Informatics, MU Cybersecurity education ● Cybersecurity (training) – Software: KYPO Cyber Range Platform, KYPO Analyst – In cooperation with CERIT (Pavel Čeleda, Jan Vykopal, Jakub Čegan, …) PV226 Introductory seminar2 Cybersecurity: KYPO Analyst PV226 Introductory seminar3 Events log User1;2.08.2020 10:31:43;use webmin_backdoor User1;2.08.2020 10:32:44;set RHOST User1;2.08.2020 10:33:19;set LHOST User1;2.08.2020 10:34:27;set SSL User1;2.08.2020 10:34:35;set TARGET User2;2.08.2020 10:32:17;use webmin_backdoor User2;2.08.2020 10:32:43;exploit User2;2.08.2020 10:44:33;set RPORT User2;2.08.2020 10:45:21;exploit User2;2.08.2020 10:56:02;set LHOST User2;2.08.2020 10:56:20;set SSL User2;2.08.2020 10:58:35;set TARGET ● Goal: Support post-training analysis (revealing flaws in training design, difficulty, gameplay strategies, etc.) ● Techniques: process mining, metric-based data analysis, clustering and other ML methods. Input: Process-oriented data Examples of Bachelor and Master Thesis ● Integration and optimization of process graphs – Currently only Heuristic net is available that suffers from inefficiency PV226 Introductory seminar4 Forensic Anthropology ● 3D Face Identification and Forensic Analysis – Software: FIDENTIS Analyst II – In the cooperation with Department of Anthropology, Faculty of Science (Petra Urbanová) PV226 Introductory seminar5 Forensic Anthropology PV226 Introductory seminar6 Input: Photogrametry data (3D geometry + photo texture ) ● Automated face identification in big data sets (100.000+ faces). ● Pre-selection of (a few) thousands of candidates. ● Fully automated process. ● Forensic-aware (anatomically correct) identification on smaller data sets. ● Automated pre-processing with exploratory analysis and expert-driven decision-making. ● Visual-analysis methods of detail forensic investigation. Goals: 3D Face Similarity Measurement ● Goals: To decide, whether the two faces belong to the same person and why. – Computation/enumeration of (dis)similarity of 3D scans – Providing a visual representation for decision-making of forensic analysts. PV226 Introductory seminar7 Descriptor-based Similarity Techniques ● Descriptors: Color of eyes, distance between eyes, curvature of some are (e.g., nose), etc. ● Descriptors must be detected automatically. ● These techniques are independent on the position of 3D scans in space. PV226 Introductory seminar8 Registration-based Similarity Techniques ● Automated registration (mutual alignment in space) followed by space-dependent measurement techniques PV226 Introductory seminar9 Examples of Bachelor and Master Thesis ● Automated Anthropological Landmark Detection (using machine-learning techniques) PV226 Introductory seminar10 Examples of Bachelor and Master Thesis ● Automated pose detection (orientation of facial scans in the space) – Geometrically and/or using machine-learning methods PV226 Introductory seminar11 Examples of Bachelor and Master Thesis ● Superimposition of 3D face scan to body scan PV226 Introductory seminar12 PhD Topics Even the scans of the same person are not the same. We need identification techniques that can adapt to changes introduced by PV226 Introductory seminar13 PhD Topics Even the scans of the same person are not the same. We need identification techniques that can adapt to changes introduced by ● Ageing: identification and simulation/prediction PV226 Introductory seminar14 [Urbanová et. al, 2020] PhD Topics Even the scans of the same person are not the same. We need identification techniques that can adapt to changes introduced by ● Ageing: identification and simulation/prediction ● Poses PV226 Introductory seminar15 [Zhou, S., Xiao, S.: 3D face recognition: a survey. 2018] PhD Topics Even the scans of the same person are not the same. We need identification techniques that can adapt to changes introduced by ● Ageing: identification and simulation/prediction ● Poses ● Occlusion ● ... PV226 Introductory seminar16 [Zhou, S., Xiao, S.: 3D face recognition: a survey. 2018] PhD Topics Even the scans of the same person are not the same. We need identification techniques that can adapt to changes introduced by ● Ageing: identification and simulation/prediction ● Poses ● Occlusion ● Variability in a given population (i.e., computationally demanding statistical exploration and evaluation) ● ... PV226 Introductory seminar17 Thank you for your attention! PV226 Introductory seminar18 ● KYPO Analyst: www.radek-oslejsek.cz/it/cybersecurity-education-and-training ● FIDENTIS Analyst II: www.radek-oslejsek.cz/it/fidentis-analyst-2 ● oslejsek@fi.muni.cz