Home

General
Name:	dr. ir. B.C.M. (Bram) Cappers
Position:	Co-Founder AnalyzeData Visualization Architect
Address:	Eindhoven University of Technology. Department of Mathematics and Computer Science. Visualization group. De Rondom 70, Room MF 4.060, 5600 MB Eindhoven, The Netherlands
Phone:	+31 (0)40 247 8863
E-mail:	[email protected]

Check out our new article in the European Cyber Security Perspectives 2020!

The European Cyber Security Perspectives is a partnership of the Dutch National Police, the Dutch National Cyber Security Centre and a number of companies including KPN. The purpose of the report is to collaborate between the parties and share essential cybersecurity knowledge.

We have setup our Startup AnalyzeData to further develop the Eventpad technology and to make data analysis more accessible to companies.

Check out awards, grants, and traction.

My Thesis Interactive Visualization of Event Logs for Cybersecurity has won an Honorable mention for the Gerrit van Dijk prijs 2019!!!

Check out the article.

My Thesis is nominated for the TU/e Academic awards 2019!

The thesis is chosen as the best PhD thesis of Mathematics and Computer Science department

Check out the article.

Check out my dissertation on Interactive Visualization of Events Logs for Cybersecurity.

Eventpad is fighting Ransomware

Check out my talk at VizSec 2018!

Eventpad: Rapid Malware Analysis and Reverse Engineering using Visual Analytics

5 countries, 22 startups, 1 best paper. EventPad has won the best 2-pager award at the European Venture Program 2018! Read more about the program here

EventPad is reaching for the stars! Getting ready for Black Hat USA Arsenal 2018!

EventPad is published in the European Cyber Security Perspectives 2018!

EventPad strikes again! Eventpad won the ICTOpen 2018 award for Best Demo and Technology

The Dutch Scientific Institute NWO announced Eventpad as the most impactful Dutch technology for ICT environments and industries of 2018!

EventPad has won the VAST Challenge 2017 award for Elegant Support For Hypothesis Generation and Testing!

Exploring Lekagul Sensor Events using Rules, Aggregations, and Selections

Check out my talk at SHA 2017!

Network Traffic Analysis using Deep Packet Inspection and Data Visualization

Eventpad: the Sublime editor for network traffic

or download the video here

Check out the demo of my new system EventPad

Check out the EventPad website for demos and downloads Eventpad

Also check the fastForward presentation and preview video

Check out my talk at VizSec 2016!

Understanding the Context of Network Traffic Alerts

Check out the reactions on Twitter!

Introduction
I'm Bram and I am a computer scientist from Eindhoven University of Technology. Ever since I was little, I have been fascinated about the functioning and actuation of electronic devices. I love to puzzle on mathematical problems and try to come up with a creative solution. My interests are in particular in the area of data visualization, information systems, formal system analysis, and language engineering. Currently, I have finished my PhD in the area of data visualization and co-founder of the startup AnalyzeData to assist companies in better understanding and processing their data Besides my academic career, I work as a freelancer in the area of web design and (integration of) information systems. Occasionally, I provide training material and consult third parties about software development and process automation. When I am back at home, I love to watch a movie and hang out with my friends. My hobbies are drawing, playing music, and modeling.

Introduction

I'm Bram and I am a computer scientist from Eindhoven University of Technology.

Ever since I was little, I have been fascinated about the functioning and actuation of electronic devices. I love to puzzle on mathematical problems and try to come up with a creative solution. My interests are in particular in the area of data visualization, information systems, formal system analysis, and language engineering. Currently, I have finished my PhD in the area of data visualization and co-founder of the startup AnalyzeData to assist companies in better understanding and processing their data

Besides my academic career, I work as a freelancer in the area of web design and (integration of) information systems. Occasionally, I provide training material and consult third parties about software development and process automation.

When I am back at home, I love to watch a movie and hang out with my friends. My hobbies are drawing, playing music, and modeling.

Research

The main research question for my PhD project SpySpot is:

``How can we use visualization techniques to detect (or aid in the detection of) cyber espionage and targeted malware in computer networks using deep packet inspection and automated anomaly detection techniques?''’

One of the main challenges in the area of network traffic analysis is how to detect when a network is being exploited (e.g., cyber espionage, exfiltration, targeted malware). Especially for critical infrastructures (such as power plants), hackers nowadays are willing to design complex viruses to maximize the damage in one specific infrastructure. The main difficulty with Advanced Persistent Threats (APTs) is the involvement of domain knowledge such that their traffic can no longer be distinguished from regular activity by simple inspection of high level properties (e.g., message length and destination address).

Current methods focus on the analysis of these properties, since in practice they have shown to be sufficient for the discovery of traditional attacks (e.g., buffer overflows, DDOS attacks). The fact that these techniques consider traffic content as a black box makes them unaware of anomalies at the level of semantics. The goal of SpySpot is to combine anomaly based deep packet inspection with visualization to lay the basis of a new generation of security monitoring tools that are suitable to detect advanced persistent threats. The analysis part enables the system to automatically “spot” anomalous behavior in network traffic whereas visualization enables the user to gain insight in these alerts and allow them to act accordingly.

The motivation for visualizing network traffic is three-fold:

Enhance analysis part through iterative refinement:

Use interaction to report false positive alerts back to the SpySpot detection system to prevent these alerts from happening in the future. This enables the user to optimize the SpySpot system according to their environment.

Gain insight in alerts and traffic through visual explanation:

Use visualization to combine analysis results and user domain knowledge to relate low-level technical alerts to high-level network events.
Enable users to visually distinguish true alerts from typically a large collection of false alerts by presenting and comparing data in various contexts.

Discover Anomalies through visual traffic exploration:

Discover non-trivial network patterns and anomalies that are outside the scope of the analysis part.

Teaching (Instructor)
2IP90 2016: Programming
2IPG0 2015: Introduction to object-oriented programming
2IPG0 2014: Introduction to object-oriented programming

Dissertation:
Check out my dissertation on Interactive Visualization of Events Logs for Cybersecurity.

Chapter 3	Chapter 4

Chapter 5	Chapter 6

Chapter 7

Publications
	Eventpad: Rapid Malware Analysis and Reverse Engineering using Visual Analytics Bram C.M. Cappers, Paulus N. Meessen, Sandro Etalle and Jarke J. van Wijk Proceedings of the IEEE Symposium on Visualization for Cyber Security (VizSec), (2018), pages 1-8
	Exploring Lekagul Sensor Events using Rules, Aggregations, and Selections. Bram C.M. Cappers. Visual Analytics Science and Technology (VAST) Challenge, (2017) (Visualization award “Elegant Tool for Hypothesis Testing and Generation”) (Best Poster Award 2017)
	Exploring Multivariate Event Sequences using Rules, Aggregations and Selections. Bram C.M. Cappers and Jarke J. van Wijk. IEEE Transactions on Visualization and Computer Graphics, (2018), 24, 1, 532-541
	SNAPS: Network traffic Analysis through Projection and Selection. Bram C.M. Cappers and Jarke J. van Wijk Proceedings of the IEEE Symposium on Visualization for Cyber Security (VizSec), (2015), pages 1-8
	Understanding the Context of Network Traffic Alerts. Bram C.M. Cappers and Jarke J. van Wijk Proceedings of the IEEE Symposium on Visualization for Cyber Security (VizSec), (2016), pages 1-8
	Anomaly Detection 101: Hunting the Unknown Bram C.M. Cappers, Dennis G.M. Cappers, Joey van de Pasch, and Josh G.M. Mengerink Seventh European Cyber Security Perspectives Report 2020, pages 59-61
	Why algorithms are dangerous. Don’t forget the human! Bram C.M. Cappers, Josh G.M. Mengerink J. van Wijk, and Joey van de Pasch Sixth European Cyber Security Perspectives Report 2019, pages 76-78
	Eventpad: A Visual Analytics approach to Network Intrusion Detection and Reverse Engineering. Bram C.M. Cappers, Jarke J. van Wijk, and Sandro Etalle Fifth European Cyber Security Perspectives Report 2018, pages 62-65
	Semantic Network Traffic Analysis using Deep Packet Inspection and Visual Analytics. Bram C.M. Cappers. 2017
	Exploring DSL evolutionary patterns in practice: a study of DSL evolution in a large-scale industrial DSL repository J.G.M. Mengerink, B. van der Sanden, B.C.M. Cappers, A. Serebrenik, R.R.H. Schiffelers, and M.G.J. van den Brand Proceedings of the International Conference on Model-Driven Engineering and Software Development (MODELSWARD), (2018)
	Visual Analysis of Parallel Interval Events J. Qi, C. Liu, B.C.M. Cappers, and H.M.M. van de Wetering EuroVis, (2018) (EuroVis Best Short Paper Award 2018)

Thesis
	Exploring and visualizing GLL parsing. Bram C.M. Cappers. 2014

Cool stuff:

Eventpad

SPH Particle Simulation

TU/e Visualization

Interactive Led Lights