Bram Cappers
Name: dr. ir. B.C.M. (Bram) Cappers
Position: Co-Founder AnalyzeData
Visualization Architect
Address: Eindhoven University of Technology. Department of Mathematics and Computer Science. Visualization group. De Rondom 70, Room MF 4.060, 5600 MB Eindhoven, The Netherlands
Phone: +31 (0)40 247 8863
E-mail: [email protected]

I'm Bram and I am a computer scientist from Eindhoven University of Technology.

Ever since I was little, I have been fascinated about the functioning and actuation of electronic devices. I love to puzzle on mathematical problems and try to come up with a creative solution. My interests are in particular in the area of data visualization, information systems, formal system analysis, and language engineering. Currently, I have finished my PhD in the area of data visualization and co-founder of the startup AnalyzeData to assist companies in better understanding and processing their data

Besides my academic career, I work as a freelancer in the area of web design and (integration of) information systems. Occasionally, I provide training material and consult third parties about software development and process automation.

When I am back at home, I love to watch a movie and hang out with my friends. My hobbies are drawing, playing music, and modeling.


The main research question for my PhD project SpySpot is:

``How can we use visualization techniques to detect (or aid in the detection of) cyber espionage and targeted malware in computer networks using deep packet inspection and automated anomaly detection techniques?''’

One of the main challenges in the area of network traffic analysis is how to detect when a network is being exploited (e.g., cyber espionage, exfiltration, targeted malware). Especially for critical infrastructures (such as power plants), hackers nowadays are willing to design complex viruses to maximize the damage in one specific infrastructure. The main difficulty with Advanced Persistent Threats (APTs) is the involvement of domain knowledge such that their traffic can no longer be distinguished from regular activity by simple inspection of high level properties (e.g., message length and destination address).

Current methods focus on the analysis of these properties, since in practice they have shown to be sufficient for the discovery of traditional attacks (e.g., buffer overflows, DDOS attacks). The fact that these techniques consider traffic content as a black box makes them unaware of anomalies at the level of semantics. The goal of SpySpot is to combine anomaly based deep packet inspection with visualization to lay the basis of a new generation of security monitoring tools that are suitable to detect advanced persistent threats. The analysis part enables the system to automatically “spot” anomalous behavior in network traffic whereas visualization enables the user to gain insight in these alerts and allow them to act accordingly.

The motivation for visualizing network traffic is three-fold:

  • Enhance analysis part through iterative refinement:
    • Use interaction to report false positive alerts back to the SpySpot detection system to prevent these alerts from happening in the future. This enables the user to optimize the SpySpot system according to their environment.
  • Gain insight in alerts and traffic through visual explanation:
    • Use visualization to combine analysis results and user domain knowledge to relate low-level technical alerts to high-level network events.
    • Enable users to visually distinguish true alerts from typically a large collection of false alerts by presenting and comparing data in various contexts.
  • Discover Anomalies through visual traffic exploration:
    • Discover non-trivial network patterns and anomalies that are outside the scope of the analysis part.
Check out my dissertation on Interactive Visualization of Events Logs for Cybersecurity.
Chapter 3Chapter 4
Chapter 5Chapter 6
Chapter 7
Eventpad: Rapid Malware Analysis and Reverse Engineering using Visual Analytics
Bram C.M. Cappers, Paulus N. Meessen, Sandro Etalle and Jarke J. van Wijk
Proceedings of the IEEE Symposium on Visualization for Cyber Security (VizSec), (2018), pages 1-8
Exploring Lekagul Sensor Events using Rules, Aggregations, and Selections.
Bram C.M. Cappers.
Visual Analytics Science and Technology (VAST) Challenge, (2017)
(Visualization award “Elegant Tool for Hypothesis Testing and Generation”)
(Best Poster Award 2017)
Exploring Multivariate Event Sequences using Rules, Aggregations and Selections.
Bram C.M. Cappers and Jarke J. van Wijk.
IEEE Transactions on Visualization and Computer Graphics, (2018), 24, 1, 532-541
SNAPS: Network traffic Analysis through Projection and Selection.
Bram C.M. Cappers and Jarke J. van Wijk
Proceedings of the IEEE Symposium on Visualization for Cyber Security (VizSec), (2015), pages 1-8
Understanding the Context of Network Traffic Alerts.
Bram C.M. Cappers and Jarke J. van Wijk
Proceedings of the IEEE Symposium on Visualization for Cyber Security (VizSec), (2016), pages 1-8
Anomaly Detection 101: Hunting the Unknown
Bram C.M. Cappers, Dennis G.M. Cappers, Joey van de Pasch, and Josh G.M. Mengerink
Seventh European Cyber Security Perspectives Report 2020, pages 59-61
Why algorithms are dangerous. Don’t forget the human!
Bram C.M. Cappers, Josh G.M. Mengerink J. van Wijk, and Joey van de Pasch
Sixth European Cyber Security Perspectives Report 2019, pages 76-78
Eventpad: A Visual Analytics approach to Network Intrusion Detection and Reverse Engineering.
Bram C.M. Cappers, Jarke J. van Wijk, and Sandro Etalle
Fifth European Cyber Security Perspectives Report 2018, pages 62-65
Semantic Network Traffic Analysis using Deep Packet Inspection and Visual Analytics.
Bram C.M. Cappers. 2017                                                              
Exploring DSL evolutionary patterns in practice: a study of DSL evolution in a large-scale industrial DSL repository
J.G.M. Mengerink, B. van der Sanden, B.C.M. Cappers, A. Serebrenik, R.R.H. Schiffelers, and M.G.J. van den Brand
Proceedings of the International Conference on Model-Driven Engineering and Software Development (MODELSWARD), (2018)
Visual Analysis of Parallel Interval Events
J. Qi, C. Liu, B.C.M. Cappers, and H.M.M. van de Wetering
EuroVis, (2018)
(EuroVis Best Short Paper Award 2018)
Exploring and visualizing GLL parsing. Bram C.M. Cappers. 2014                                                              
Cool stuff: