VAFLE: Visual analytics of firewall log events

Date

2014

Type

Conference Paper

Series Info

Proceedings of SPIE - The International Society for Optical Engineering
9017

Abstract

In this work, we present VAFLE, an interactive network security visualization prototype for the analysis of firewall log events. Keeping it simple yet effective for analysts, we provide multiple coordinated interactive visualizations augmented with clustering capabilities customized to support anomaly detection and cyber situation awareness. We evaluate the usefulness of the prototype in a use case with network traffic datasets from previous VAST Challenges, illustrating its effectiveness at promoting fast and well-informed decisions. We explain how a security analyst may spot suspicious traffic using VAFLE. We further assess its usefulness through a qualitative evaluation involving network security experts, whose feedback is reported and discussed. © 2014 SPIE-IS&T.

Description

Scopus

Keywords

clustering, cyber security, firewall log, heatmap, user study, visual analytics
