VAFLE: visual analytics of firewall log events
Authors
Abstract
In this work, we present VAFLE, an interactive network security visualization prototype for the analysis of firewall log events. Keeping it simple yet effective for analysts, we provide multiple coordinated interactive visualizations augmented with clustering capabilities customized to support anomaly detection and cyber situation awareness. We evaluate the usefulness of the prototype in a use case with network traffic datasets from previous VAST Challenges, illustrating its effectiveness at promoting fast and well-informed decisions. We explain how a security analyst may spot suspicious traffic using VAFLE. We further assess its usefulness through a qualitative evaluation involving network security experts, whose feedback is reported and discussed.
Similar references
Flexible Organization, Exploration, and Analysis of Visualization Application Interaction Events using Visual Analytics
People’s interactions with a visualization application can reveal information about the visual analysis methods and reasoning processes they employ. By instrumenting an application with logging code, one can capture an event trace of all the interactions that occur during its use. This type of temporal event log data is typically reorganized into more semantically meaningful units during analy...
Sequence Pre-processing: Focusing Analysis of Log Event Data
Many computational systems are generating log event data as a way to help developers understand the usage of applications in the wild. While many commercial analysis tools exist, they tend to treat log event data as a “bag of events” instead of collections of observed sequences, where each sequence represents an individual session. While recent work can support the visual analysis of event sequ...
A Multi-Agent System for Firewall Forensics Analysis
Computer Forensics applies law to fight against unlawful and illegitimate use of computers and networks. It employs investigation methods to solve computer crimes. Knowing that the firewall is the unique input and output in a network, it is considered as the ideal location for recording network activities. The firewall log files trace all incoming and outgoing events in a network. Its content c...
Process Mining and Visual Analytics: Breathing Life into Business Process Models
Process mining and visual analytics are two disciplines that emerged over the last decade. The goal of process mining is to use event data to extract process-related information, e.g., to automatically discover a process model by observing events recorded by some information system or to check the conformance of a process model with actual process executions. The spectacular growth of event dat...
Visual Analytics of Big Data from Distributed Systems
Distributed Systems are challenging to debug because the temporal order of events and distributed states are hard to track. The high complexity of distributed systems makes fully automatic reasoning difficult to apply. Domain experts are often required to reason about the behavior of a system based on log files from various sources. This situation presents a good opportunity for visual analytics...