MAD: A visual analytics solution for Multi-step cyber Attacks Detection
Journal of Computer Languages (IF 1.7), Pub Date: 2019-04-18, DOI: 10.1016/j.cola.2018.12.007
M. Angelini , S. Bonomi , S. Lenti , G. Santucci , S. Taggi

Software vulnerabilities are one of the main weaknesses of an Information Technology (IT) system with respect to cyber attacks, and consolidated official data, such as the Common Vulnerabilities and Exposures (CVE) dictionary, now provide precise and reliable details about them. This information, together with the identification of the priority systems to defend, allows inspecting the network structure and the most probable paths an attacker is likely to follow to reach sensitive resources, with the main goal of identifying suitable mitigation actions that reduce the risk of an attack. Some of these mitigation actions can be applied without further delay; others imply such a high operational impact on the organization's business that their use is convenient only when an attack is actually under way. Dealing with this issue is particularly challenging in the context of critical infrastructure where, even if patches are available, organizational mission constraints create obstacles to their straightforward application. In this scenario, security operators are forced to deal with known vulnerabilities that cannot be patched, and they spend noticeable effort on proactive analysis, devising countermeasures that can mitigate the effect of a possible attack. This paper presents a Multi-step cyber Attack Detection (MAD) Visual Analytics solution that aims to assist security operators in improving their network security by analyzing the possible attacks and identifying suitable mitigations. Moreover, during an attack, the system visually presents the security operator with the relevant pieces of information, allowing a better comprehension of the attack status and its probable evolution in order to decide on possible countermeasures.
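As an added illustration of the kind of analysis the abstract describes (this is not code from the MAD paper or its authors), the following Python sketch models a small network as an attack graph: each host carries an assumed single-step exploit probability (in practice one might derive it from the CVSS data attached to the host's CVE entries), the most probable multi-step path from the attacker's entry point to a priority asset is found by minimising the sum of -log(p) along the path, and candidate patches are ranked by how much residual path probability they leave over all priority assets. The hosts, edges and probabilities are constructed for the example and stand for no real system.

```python
import heapq
import math

# Constructed sample network (assumption, not from the paper): each host is
# mapped to an assumed probability that an attacker already adjacent to it
# can compromise it in one step. The attacker starts at "internet".
HOSTS = {
    "internet": 1.0,   # attacker's starting point, never exploited itself
    "web":      0.8,   # internet-facing web server
    "vpn":      0.5,   # remote-access gateway
    "app":      0.6,   # internal application server
    "db":       0.7,   # priority asset to defend
    "scada":    0.9,   # priority asset whose patch has high operational impact
}
# Directed reachability: a compromised key can attack the hosts in its list.
EDGES = {
    "internet": ["web", "vpn"],
    "web": ["app"],
    "vpn": ["app", "scada"],
    "app": ["db", "scada"],
    "db": [],
    "scada": [],
}

def most_probable_path(hosts, edges, source, target):
    """Return (probability, path) of the single most probable attack path.
    Step probabilities are assumed independent, so a path's probability is
    their product; maximising a product equals minimising the sum of -log(p),
    which lets Dijkstra's algorithm find the path."""
    dist = {source: 0.0}
    prev = {}
    heap = [(0.0, source)]
    while heap:
        d, node = heapq.heappop(heap)
        if d > dist.get(node, math.inf):
            continue            # stale heap entry
        if node == target:
            break
        for nxt in edges.get(node, []):
            p = hosts[nxt]
            if p <= 0.0:
                continue        # patched/isolated host: step not possible
            nd = d - math.log(p)
            if nd < dist.get(nxt, math.inf):
                dist[nxt] = nd
                prev[nxt] = node
                heapq.heappush(heap, (nd, nxt))
    if target not in dist:
        return 0.0, []          # target unreachable from source
    path = [target]
    while path[-1] != source:
        path.append(prev[path[-1]])
    path.reverse()
    return math.exp(-dist[target]), path

def rank_mitigations(hosts, edges, source, targets):
    """Simulate patching each non-target host (exploit probability set to 0)
    and report the worst remaining path probability over all priority
    targets, best mitigation first."""
    results = []
    for host in hosts:
        if host == source or host in targets:
            continue
        patched = dict(hosts, **{host: 0.0})
        worst = max(most_probable_path(patched, edges, source, t)[0]
                    for t in targets)
        results.append((worst, host))
    results.sort()
    return results

if __name__ == "__main__":
    for asset in ("db", "scada"):
        p, path = most_probable_path(HOSTS, EDGES, "internet", asset)
        print(f"{asset}: p={p:.3f} via {' -> '.join(path)}")
    for worst, host in rank_mitigations(HOSTS, EDGES, "internet", ["db", "scada"]):
        print(f"patch {host:5s} -> worst remaining path probability {worst:.3f}")
```

On this constructed graph the most probable route to the database is internet, web, app, db (0.8 x 0.6 x 0.7 = 0.336), while the SCADA host is best reached directly through the VPN gateway (0.5 x 0.9 = 0.45); patching the VPN gateway is the single change that lowers the worst-case path probability the most, which is the kind of prioritisation the abstract attributes to the proactive-analysis phase.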




Updated: 2019-04-18