Bram Cappers
General
Name: B.C.M. (Bram) Cappers MSc.
Position: PhD Student Data Visualization
Address: Eindhoven University of Technology. Department of Mathematics and Computer Science. Visualization group. De Rondom 70, Room MF 4.060, 5600 MB Eindhoven, The Netherlands
Phone: +31 (0)40 247 8863
E-mail: b.c.m.cappers@tue.nl
Introduction

I'm Bram and I am a computer scientist from Eindhoven University of Technology.

Ever since I was little, I have been fascinated by the functioning and actuation of electronic devices. I love to puzzle over mathematical problems and try to come up with a creative solution. My interests lie in particular in the areas of data visualization, information systems, formal system analysis, and language engineering. I currently hold a PhD position in the area of data visualization.

Besides my academic career, I work as a freelancer in the area of web design and (the integration of) information systems. Occasionally, I provide training material and advise third parties on software development and process automation.

When I am back at home, I love to watch a movie and hang out with my friends. My hobbies are drawing, playing music, and modeling.

Research

The main research question for my PhD project SpySpot is:

“How can we use visualization techniques to detect (or aid in the detection of) cyber espionage and targeted malware in computer networks using deep packet inspection and automated anomaly detection techniques?”

One of the main challenges in the area of network traffic analysis is detecting when a network is being exploited (e.g., cyber espionage, exfiltration, targeted malware). Especially for critical infrastructures (such as power plants), attackers nowadays are willing to design complex malware to maximize the damage in one specific infrastructure. The main difficulty with Advanced Persistent Threats (APTs) is that they incorporate domain knowledge, so that their traffic can no longer be distinguished from regular activity by simple inspection of high-level properties (e.g., message length and destination address).

Current methods focus on the analysis of these high-level properties, since in practice they have proven sufficient for the discovery of traditional attacks (e.g., buffer overflows, DDoS attacks). Because these techniques treat traffic content as a black box, they are blind to anomalies at the level of protocol semantics. The goal of SpySpot is to combine anomaly-based deep packet inspection with visualization to lay the foundation for a new generation of security monitoring tools that are suitable for detecting advanced persistent threats. The analysis part enables the system to automatically “spot” anomalous behavior in network traffic, whereas visualization enables the user to gain insight into these alerts and allows them to act accordingly.

The motivation for visualizing network traffic is three-fold:

  • Enhance the analysis part through iterative refinement:
    • Use interaction to report false positive alerts back to the SpySpot detection system to prevent these alerts from recurring. This enables users to tune the SpySpot system to their environment.
  • Gain insight into alerts and traffic through visual explanation:
    • Use visualization to combine analysis results and user domain knowledge to relate low-level technical alerts to high-level network events.
    • Enable users to visually distinguish true alerts from what is typically a large collection of false alerts by presenting and comparing data in various contexts.
  • Discover anomalies through visual traffic exploration:
    • Discover non-trivial network patterns and anomalies that are outside the scope of the analysis part.
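The two ideas above (header-level properties missing semantic anomalies, and feeding false positives back into the detector) are easy to see in miniature. The following is an added toy example, not SpySpot's code: the traffic, the "key=value;" control protocol and the IP addresses are all constructed, and the header detector (length z-score plus known destinations), the per-field payload profile and the suppression list are simplified stand-ins for whatever a real system would use.

```python
"""Toy illustration (constructed, not SpySpot code): a header-only anomaly
detector versus a deep-packet-inspection detector that profiles protocol
field values, plus a false-positive feedback loop for the analyst."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed baseline traffic: (header length, destination, payload).
# The payload uses a made-up "key=value;" control protocol.
BASELINE = [
    (48, "10.0.0.5", "cmd=read;reg=temp;val=21"),
    (48, "10.0.0.5", "cmd=read;reg=temp;val=22"),
    (49, "10.0.0.5", "cmd=read;reg=press;val=101"),
    (48, "10.0.0.5", "cmd=read;reg=temp;val=20"),
    (49, "10.0.0.5", "cmd=read;reg=press;val=99"),
    (50, "10.0.0.6", "cmd=write;reg=setpt;val=22"),
]


def parse_payload(payload):
    """Deep packet inspection for the toy protocol: split into a field dict."""
    fields = {}
    for part in payload.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            fields[key] = value
    return fields


def is_int(text):
    try:
        int(text)
        return True
    except ValueError:
        return False


class HeaderDetector:
    """Looks only at high-level properties: length outliers (> 3 sigma)
    and destinations never seen in the baseline."""

    def __init__(self, baseline):
        lengths = [length for length, _, _ in baseline]
        self.mu, self.sigma = mean(lengths), pstdev(lengths)
        self.known_dsts = {dst for _, dst, _ in baseline}

    def alerts(self, packet):
        length, dst, _ = packet
        out = []
        if self.sigma and abs(length - self.mu) / self.sigma > 3:
            out.append(("length", length))
        if dst not in self.known_dsts:
            out.append(("dst", dst))
        return out


class SemanticDetector:
    """Profiles each protocol field from the baseline: numeric fields get a
    [min, max] range, other fields a set of seen values. A packet is
    flagged when a field value falls outside its profile."""

    def __init__(self, baseline):
        values = defaultdict(list)
        for _, _, payload in baseline:
            for key, value in parse_payload(payload).items():
                values[key].append(value)
        self.profile = {}
        for key, seen in values.items():
            if all(is_int(v) for v in seen):
                nums = [int(v) for v in seen]
                self.profile[key] = ("range", min(nums), max(nums))
            else:
                self.profile[key] = ("set", set(seen))
        # (field, value) pairs an analyst has reported as false positives
        self.suppressed = set()

    def alerts(self, packet):
        out = []
        for key, value in parse_payload(packet[2]).items():
            if (key, value) in self.suppressed:
                continue
            prof = self.profile.get(key)
            if prof is None:
                out.append((key, value))          # unknown field
            elif prof[0] == "range":
                if not is_int(value) or not prof[1] <= int(value) <= prof[2]:
                    out.append((key, value))
            elif value not in prof[1]:
                out.append((key, value))
        return out

    def report_false_positive(self, key, value):
        """Interactive feedback: this value is legitimate in our environment,
        so stop raising it from now on."""
        self.suppressed.add((key, value))


if __name__ == "__main__":
    header, semantic = HeaderDetector(BASELINE), SemanticDetector(BASELINE)
    # Same length and destination as normal traffic, but an out-of-range setpoint.
    suspicious = (50, "10.0.0.6", "cmd=write;reg=setpt;val=250")
    print("header-only:", header.alerts(suspicious))      # []
    print("semantic   :", semantic.alerts(suspicious))    # [('val', '250')]
    benign = (49, "10.0.0.5", "cmd=read;reg=flow;val=30") # new but legitimate register
    print("before feedback:", semantic.alerts(benign))
    semantic.report_false_positive("reg", "flow")
    print("after feedback :", semantic.alerts(benign))
```

The constructed write with `val=250` has an ordinary length and a known destination, so the header detector stays silent while the field profile catches it; the `reg=flow` read shows the feedback loop, where one analyst action turns a recurring false positive into silence without retraining anything.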
Publications
SNAPS: Network traffic Analysis through Projection and Selection. Bram C.M. Cappers and Jarke J. van Wijk. Visualization for Cyber Security (VizSec), 2015 IEEE Symposium on. IEEE, 2015.
Understanding the Context of Network Traffic Alerts. Bram C.M. Cappers and Jarke J. van Wijk. Visualization for Cyber Security (VizSec), 2016 IEEE Symposium on. IEEE, 2016.
Semantic Network Traffic Analysis using Deep Packet Inspection and Visual Analytics. Bram C.M. Cappers. 2017
Thesis
Exploring and visualizing GLL parsing. Bram C.M. Cappers. 2014
Cool stuff: