VAFLE: Visual analytics of firewall log events
Date
2014
Journal Title
Journal ISSN
Volume Title
Type
Conference Paper
Publisher
Series Info
Proceedings of SPIE - The International Society for Optical Engineering
9017
9017
Scientific Journal Rankings
Abstract
In this work, we present VAFLE, an interactive network security visualization prototype for the analysis of firewall log events. Keeping it simple yet effective for analysts, we provide multiple coordinated interactive visualizations augmented with clustering capabilities customized to support anomaly detection and cyber situation awareness. We evaluate the usefulness of the prototype in a use case with network traffic datasets from previous VAST Challenges, illustrating its effectiveness at promoting fast and well-informed decisions. We explain how a security analyst may spot suspicious traffic using VAFLE. We further assess its usefulness through a qualitative evaluation involving network security experts, whose feedback is reported and discussed. � 2014 SPIE-IS&T.
Description
Scopus
Keywords
clustering, cyber security, firewall log, heatmap, user study, visual analytics