research-article

Visual filter: graphical exploration of network security log files

Authors:

Jan-Erik Stange,

Marian Dörk,

Johannes Landstorfer,

Reto WettachAuthors Info & Claims

VizSec '14: Proceedings of the Eleventh Workshop on Visualization for Cyber Security

Pages 41 - 48

https://doi.org/10.1145/2671491.2671503

Published: 10 November 2014 Publication History

Get Access

Abstract

Network log files often need to be investigated manually for suspicious activity. The huge amount of log lines complicates maintaining an overview, navigation and quick pattern identification. We propose a system that uses an interactive visualization, a visual filter, representing the whole log in an overview, allowing to navigate and make context-preserving subselections with the visualization and in this way reducing the time and effort for security experts needed to identify patterns in the log file. This explorative interactive visualization is combined with focused querying to search for known suspicious terms that are then highlighted in the visualization and the log file itself.

References

[1]

Becker, R. A., Cleveland, W. S. 1987. Brushing Scatterplots. In Technometrics 29, 2 (May 1987), 127--142. DOI= http://dx.doi.org/10.2307/1269768

Digital Library

Google Scholar

[2]

D'Amico, A. D., Goodall, J. R., Resone, D. R., Kopylec, J. K. 2007. Visual Discovery in Computer Network Defense. In: Computer Graphics and Applications, IEEE. Volume 27 Issue 5 (Sept.--Oct. 2007). 20--27

Digital Library

Google Scholar

[3]

Eick, S. G., Steffen, J. L., Sumner Jr., E. E. 1992. Seesoft: A Tool for Visualizing Line Oriented Software Statistics. In IEEE Transactions on Software Engineering -- Special issue on software measurement principles, techniques and environments. Volume 18 Issue 11 (November 1992), 957--968.

Digital Library

Google Scholar

[4]

Frei, A., Rennhard, M. 2008. Histogram Matrix: Log File Visualization for Anomaly Detection. In Proceeding of: Availability, Reliability and Security. (ARES 08). Third International Conference on. Barcelona, Spain, March 4-7, 610--617. DOI=10.1109/ARES.2008.148

Digital Library

Google Scholar

[5]

Hearst, M. 1995. TileBars: Visualization of Term Distribution Information in Full Text Information Access. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. CHI '95. Denver, CO, 59--66.

Digital Library

Google Scholar

[6]

Humphries, C., Prigent, N., Bidan, C., Majorczyk, F. 2013. ELVIS: Extensible Log Visualization. In Proceedings of the Tenth Workshop on Visualization for Cyber Security. VizSec '13. Atlanta, GA, USA, October 14, 2013, 9--16.

Digital Library

Google Scholar

[7]

Landstorfer, J., Herrmann, I., Stange, J.-E., Dörk, M., Wettach, R. 2014. Weaving a Carpet from Log Entries: A Network Security Visualization Built with Co-creation. IEEE Conference on Visual Analytics Science and Technology 2014. To appear.

Crossref

Google Scholar

[8]

Makanju, A., Brooks, S., Zincir-Heywood, A. N., Milios, E. E. 2008. LogView: Visualizing Event Log Clusters. In: Sixth Annual Conference on Privacy, Security and Trust. PST '08. Fredericton, NB, October 1--3, 2008, 99--108.

Digital Library

Google Scholar

[9]

Marchionini, G. 2006. Exploratory Search: From Finding to Understanding. In Communications of the ACM -- Supporting Exploratory Search Vol. 49, 4 (April 2006), 41--46. DOI= http://dl.acm.org/citation.cfm?doid=1121949.1121979.

Digital Library

Google Scholar

[10]

Marty, Raffael. 2009. Applied Security Visualization. Boston, MA, USA: Pearson Education.

Digital Library

Google Scholar

[11]

Card, S., Mackinlay, J. D., Shneiderman, B. 1999. Readings in Information Visualization: Using Vision to Think. San Francisco, CA: Morgan Kaufmann Publishers.

Digital Library

Google Scholar

[12]

Takada, T., Koike, H. 2002. Mielog: A Highly Interactive Visual Log Browser Using Information Visualization and Statistical Analysis. In Proceedings of the 16^th USENIX Conference on System Administration. LISA '02. Philadelphia, PA, November 3-8, 2002, 133--144.

Digital Library

Google Scholar

[13]

White, Ryen W, Roth Resa A. 2009. Exploratory Search: Beyond the Query-Response Paradigm. San Rafael, CA: Morgan and Claypool. DOI= 10.2200/S00174ED1V01Y200901ICR003.

Digital Library

Google Scholar

[14]

Zhang, J., Chen, C., Vogeley, M., Pan, D., Thakar, A., Raddic, J. 2012. SDSS Log Viewer: Visual Exploratory Analysis of Large-Volume SQL Log Data. In Proceeding of Visualization and Data Analysis (VDA). Burlingame, CA, USA. January 22, 2012.

Google Scholar

Cited By

View all

Beran MHrdina FKouril DOslejsek RZakopcanova K(2020)Exploratory Analysis of File System Metadata for Rapid Investigation of Security Incidents2020 IEEE Symposium on Visualization for Cyber Security (VizSec)10.1109/VizSec51108.2020.00008(11-20)Online publication date: Oct-2020
https://doi.org/10.1109/VizSec51108.2020.00008
Zhong YWang S(2020)Research and Design of Visual Analytics System of Network Security Situation Based on Multi-source Log2020 7th International Conference on Information Science and Control Engineering (ICISCE)10.1109/ICISCE50968.2020.00223(1095-1099)Online publication date: Dec-2020
https://doi.org/10.1109/ICISCE50968.2020.00223
Novikova EKotenko I(2019)Open challenges in visual analytics for security information and event managementInformation and Control Systems10.31799/1684-8853-2019-2-57-67(57-67)Online publication date: 19-Apr-2019
https://doi.org/10.31799/1684-8853-2019-2-57-67
Show More Cited By

Index Terms

Visual filter: graphical exploration of network security log files
1. Software and its engineering
  1. Software creation and management
    1. Software development techniques
      1. Software prototyping
    2. Software post-development issues
      1. Software evolution
  2. Software notations and tools
    1. Development frameworks and environments
      1. Integrated and visual development environments

Recommendations

Interactive 4D overview and detail visualization in augmented reality
ISMAR '12: Proceedings of the 2012 IEEE International Symposium on Mixed and Augmented Reality (ISMAR)

In this paper we present an approach for visualizing time-oriented data of dynamic scenes in an on-site AR view. Visualizations of time-oriented data have special challenges compared to the visualization of arbitrary virtual objects. Usually, the 4D ...
Exploring augmented reality visualizations
AVI '06: Proceedings of the working conference on Advanced visual interfaces

Augmented Reality (AR) enhances our perception of reality by overlaying a digital creation on real world. AR information is often considered visual and most of it is associated with real world objects. This poses several challenges in, e. g., aligning ...
Interactive Framework for Exploratory Search, Integration, and Visual Analysis of Semantic Web Resources
iiWAS '14: Proceedings of the 16th International Conference on Information Integration and Web-based Applications & Services

In this paper, we propose an extended interactive framework for exploratory search, integration, and visual analysis of semantic web resources. In our previous framework, users can visually and dynamically repeat the process of schema extraction, its ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

VizSec '14: Proceedings of the Eleventh Workshop on Visualization for Cyber Security

November 2014

105 pages

ISBN:9781450328265

DOI:10.1145/2671491

General Chair:
Kirsten Whitley
US Department of Defense
,
Program Chair:
Sophie Engle
University of San Francisco
,
Publications Chairs:
Lane Harrison,
Fabian Fischer,
Nicolas Prigent

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 10 November 2014

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Bundesministerium für Bildung und Forschung

Conference

VizSec '14

VizSec '14: Visualization for Cyber Security

November 10, 2014

Paris, France

Acceptance Rates

VizSec '14 Paper Acceptance Rate 12 of 43 submissions, 28%;

Overall Acceptance Rate 39 of 111 submissions, 35%

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

7
Total Citations
View Citations
410
Total Downloads

Downloads (Last 12 months)8
Downloads (Last 6 weeks)3

Reflects downloads up to 04 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Beran MHrdina FKouril DOslejsek RZakopcanova K(2020)Exploratory Analysis of File System Metadata for Rapid Investigation of Security Incidents2020 IEEE Symposium on Visualization for Cyber Security (VizSec)10.1109/VizSec51108.2020.00008(11-20)Online publication date: Oct-2020
https://doi.org/10.1109/VizSec51108.2020.00008
Zhong YWang S(2020)Research and Design of Visual Analytics System of Network Security Situation Based on Multi-source Log2020 7th International Conference on Information Science and Control Engineering (ICISCE)10.1109/ICISCE50968.2020.00223(1095-1099)Online publication date: Dec-2020
https://doi.org/10.1109/ICISCE50968.2020.00223
Novikova EKotenko I(2019)Open challenges in visual analytics for security information and event managementInformation and Control Systems10.31799/1684-8853-2019-2-57-67(57-67)Online publication date: 19-Apr-2019
https://doi.org/10.31799/1684-8853-2019-2-57-67
Takada TAbe TCatarci TNorman KMecella M(2018)Emoji-nized log browserProceedings of the 2018 International Conference on Advanced Visual Interfaces10.1145/3206505.3206578(1-3)Online publication date: 29-May-2018
https://dl.acm.org/doi/10.1145/3206505.3206578
Zhao HTang WZou XWang YZu Y(2018)Analysis of Visualization Systems for Cyber SecurityRecent Developments in Intelligent Computing, Communication and Devices10.1007/978-981-10-8944-2_122(1051-1061)Online publication date: 23-Aug-2018
https://doi.org/10.1007/978-981-10-8944-2_122
Novikova EBekeneva YShorov A(2017)Towards visual analytics tasks for the security information and event management2017 International Conference "Quality Management,Transport and Information Security, Information Technologies" (IT&QM&IS)10.1109/ITMQIS.2017.8085770(90-93)Online publication date: Sep-2017
https://doi.org/10.1109/ITMQIS.2017.8085770
Yang TJia S(2016)Research on Network Security Visualization under Big Data Environment2016 International Computer Symposium (ICS)10.1109/ICS.2016.0135(660-662)Online publication date: Dec-2016
https://doi.org/10.1109/ICS.2016.0135

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Interactive 4D overview and detail visualization in augmented reality

Exploring augmented reality visualizations

Interactive Framework for Exploratory Search, Integration, and Visual Analysis of Semantic Web Resources