VAFLE: Visual analytics of firewall log events
| dc.Affiliation | October University for modern sciences and Arts (MSA) | |
| dc.contributor.author | Ghoniem M. | |
| dc.contributor.author | Shurkhovetskyy G. | |
| dc.contributor.author | Bahey A. | |
| dc.contributor.author | Otjacques B. | |
| dc.contributor.other | CRP | |
| dc.contributor.other | Gabriel Lippmann | |
| dc.contributor.other | 41 rue du Brill | |
| dc.contributor.other | L-4422 Belvaux | |
| dc.contributor.other | Luxembourg; M.S.A. University | |
| dc.contributor.other | Wahat Road | |
| dc.contributor.other | 6th of October City | |
| dc.contributor.other | Egypt; Nile University | |
| dc.contributor.other | C.I.T School | |
| dc.contributor.other | 6th of October City | |
| dc.contributor.other | Egypt | |
| dc.date.accessioned | 2020-01-09T20:42:09Z | |
| dc.date.available | 2020-01-09T20:42:09Z | |
| dc.date.issued | 2014 | |
| dc.description | Scopus | |
| dc.description.abstract | In this work, we present VAFLE, an interactive network security visualization prototype for the analysis of firewall log events. Keeping it simple yet effective for analysts, we provide multiple coordinated interactive visualizations augmented with clustering capabilities customized to support anomaly detection and cyber situation awareness. We evaluate the usefulness of the prototype in a use case with network traffic datasets from previous VAST Challenges, illustrating its effectiveness at promoting fast and well-informed decisions. We explain how a security analyst may spot suspicious traffic using VAFLE. We further assess its usefulness through a qualitative evaluation involving network security experts, whose feedback is reported and discussed. � 2014 SPIE-IS&T. | en_US |
| dc.description.sponsorship | The Society for Imaging Science and Technology (IS and T);The Society of Photo-Optical Instrumentation Engineers (SPIE);Kitware Inc. | en_US |
| dc.description.uri | https://www.scimagojr.com/journalsearch.php?q=40067&tip=sid&clean=0 | |
| dc.identifier.doi | https://doi.org/10.1117/12.2037790 | |
| dc.identifier.doi | PubMed ID : | |
| dc.identifier.isbn | 9.78E+12 | |
| dc.identifier.issn | 0277786X | |
| dc.identifier.other | https://doi.org/10.1117/12.2037790 | |
| dc.identifier.other | PubMed ID : | |
| dc.identifier.uri | https://t.ly/NN8vO | |
| dc.language.iso | English | en_US |
| dc.relation.ispartofseries | Proceedings of SPIE - The International Society for Optical Engineering | |
| dc.relation.ispartofseries | 9017 | |
| dc.subject | clustering | en_US |
| dc.subject | cyber security | en_US |
| dc.subject | firewall log | en_US |
| dc.subject | heatmap | en_US |
| dc.subject | user study | en_US |
| dc.subject | visual analytics | en_US |
| dc.title | VAFLE: Visual analytics of firewall log events | en_US |
| dc.type | Conference Paper | en_US |
| dcterms.isReferencedBy | Marty, R., Applied security visualization (2008) Addison-Wesley Professional; Shiravi, H., Shiravi, A., Ghorbani, A.A., A survey of visualization systems for network security (2012) IEEE Transactions on Visualization and Computer Graphics, 18, pp. 1313-1329. , (Aug.); Conti, G., Abdullah, K., Grizzard, J., Stasko, J., Copeland, J., Ahamad, M., Owen, H.L., Lee, C., Countering security information overload through alert and packet visualization (2006) Computer Graphics and Applications, IEEE, 26 (2), pp. 60-70; Goodall, J.R., Lutters, W.G., Rheingans, P., Komlodi, A., Preserving the big picture: Visual network traffic analysis with tnv (2005) Visualization for Computer Security, 2005. (VizSEC 05). IEEE Workshop on, p. 6; Ball, R., Fink, G.A., North, C., Home-centric visualization of network traffic for security administration (2004) Proceedings of the 2004 ACM Workshop on Visualization and Data Mining for Computer Security, VizSEC/DMSEC '04, pp. 55-64. , ACM, New York, NY, USA; Fischer, F., Mansmann, F., Keim, D.A., Pietzko, S., Waldvogel, M., Large-scale network monitoring for visual analysis of attacks (2008) Proceedings of the 5th International Workshop on Visualization for Computer Security, VizSec '08, pp. 111-118. , Springer-Verlag, Berlin, Heidelberg; Lakkaraju, K., Yurcik, W., Lee, A.J., Nvisionip: Netow visualizations of system state for security situational awareness (2004) Proceedings of the 2004 ACM Workshop on Visualization and Data Mining for Computer Security, VizSEC/DMSEC '04, pp. 65-72. , ACM, New York, NY, USA; Mansmann, F., Keim, D., North, S., Rexroad, B., Sheleheda, D., Visual analysis of network traffic for resource planning, interactive monitoring, and interpretation of security threats (2007) Visualization and Computer Graphics, IEEE Transactions on, 13 (6), pp. 1105-1112; Kintzel, C., Fuchs, J., Mansmann, F., Monitoring large ip spaces with clockview (2011) Proceedings of the 8th International Symposium on Visualization for Cyber Security, VizSec '11, pp. 1-10. , ACM, New York, NY, USA; Lamagna, W.M., An integrated visualization on network events vast 2011 mini challenge #2 award: "Outstanding integrated overview display (2011) Visual Analytics Science and Technology (VAST), 2011 IEEE Conference on, pp. 319-321; McPherson, J., Ma, K.-L., Krystosk, P., Bartoletti, T., Christensen, M., Portvis: A tool for port-based detection of security events (2004) Proceedings of the 2004 ACM Workshop on Visualization and Data Mining for Computer Security, VizSEC/DMSEC '04, pp. 73-81. , ACM, New York, NY, USA; Boschetti, A., Salgarelli, L., Muelder, C., Ma, K.-L., Tvi: A visual querying system for network monitoring and anomaly detection (2011) Proceedings of the 8th International Symposium on Visualization for Cyber Security, VizSec '11, pp. 1-10. , ACM, New York, NY, USA; (2004) VizSEC/DMSEC '04: Proceedings of the 2004 ACM Workshop on Visualization and Data Mining for Computer Security, p. 100046. , ACM, New York, NY, USA; Shneiderman, B., The eyes have it: A task by data type taxonomy for information visualizations (1996) Proceedings of the 1996 IEEE Symposium on Visual Languages, VL '96, p. 336. , IEEE Computer Society, Washington, DC, USA; Conti, G., (2007) Security Data Visualization, , No Starch Press, San Francisco, CA, USA; Fekete, J.-D., The infovis toolkit (2004) Proceedings of the IEEE Symposium on Information Visualization, INFOVIS '04, pp. 167-174. , IEEE Computer Society, Washington, DC, USA; Furnas, G.W., Generalized fisheye views (1986) Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, CHI '86, pp. 16-23. , ACM, New York, NY, USA; Fekete, J.-D., Plaisant, C., Excentric labeling: Dynamic neighborhood labeling for data visualization (1999) Proceedings of the SIGCHI Conference on Human Factors in Computing Systems: The CHI Is the Limit, CHI '99, pp. 512-519. , ACM, New York, NY, USA; Ahlberg, C., Williamson, C., Shneiderman, B., Dynamic queries for information exploration: An implementation and evaluation (1992) Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, CHI '92, pp. 619-626. , ACM, New York, NY, USA; Wilkinson, L., Friendly, M., The history of the cluster heat map (2009) The American Statistician, 63, pp. 179-184. , (May); Ghoniem, M., Cambazard, H., Fekete, J.-D., Jussien, N., Peeking in solver strategies using explanations visualization of dynamic graphs for constraint programming (2005) Proceedings of the 2005 ACM Symposium on Software Visualization, SoftVis '05, pp. 27-36. , ACM, New York, NY, USA; Van Ham, F., Using multilevel call matrices in large software projects (2003) Proceedings of the Ninth Annual IEEE Conference on Information Visualization, INFOVIS'03, pp. 227-232. , IEEE Computer Society, Washington, DC, USA; Eisen, M.B., Spellman, P.T., Brown, P.O., Botstein, D., Cluster analysis and display of genome-wide expression patterns (1998) Proceedings of the National Academy of Sciences (PNAS), 95, pp. 14863-14868. , (December); Wu, H.-M., Tien, Y.-J., Chen, C.-H., Gap: A graphical environment for matrix visualization and cluster analysis (2010) Comput. Stat. Data Anal., 54, pp. 767-778. , (Mar.); Bertin, J., (1983) Semiology of Graphics, , University of Wisconsin Press, Madison, Wis; Liiv, I., Seriation and matrix reordering methods: An historical overview (2010) Stat. Anal. Data Min., 3, pp. 70-91. , (Apr.); Mohar, B., The laplacian spectrum of graphs (1991) Graph Theory, Combinatorics, and Applications, pp. 871-898. , Wiley; Mohar, B., Laplace eigenvalues of graphs - A survey (1992) Discrete Mathematics, 109 (1-3), pp. 171-183; Mardia, K.V., Kent, J.T., Bibby, J.M., (1979) Multivariate Analysis, , Academic Press; Tan, P.-N., Steinbach, M., Kumar, V., (2005) Introduction to Data Mining, (First Edition), , Addison-Wesley Longman Publishing Co., Inc., Boston, MA, USA; Lee, H., Kihm, J., Choo, J., Stasko, J., Park, H., Ivisclustering: An interactive visual document clustering via topic modeling (2012) Computer Graphics Forum, 31 (3 PART 3), pp. 1155-1164; Bier, E.A., Stone, M.C., Pier, K., Fishkin, K., Baudel, T., Conway, M., Buxton, W., Derose, T., Toolglass and magic lenses: The see-through interface (1994) Conference Companion on Human Factors in Computing Systems, CHI '94, pp. 445-446. , ACM, NY, USA; Kosara, R., Healey, C.G., Interrante, V., Laidlaw, D.H., Ware, C., Thoughts on user studies: Why, how, and when (2003) Computer Graphics and Applications, 23, pp. 20-25. , (July); Lam, H., Bertini, E., Isenberg, P., Plaisant, C., Carpendale, S., Empirical studies in information visualization: Seven scenarios (2012) Visualization and Computer Graphics, IEEE Transactions on, 18 (9), pp. 1520-1536; Sedlmair, M., Meyer, M., Munzner, T., Design study methodology: Reections from the trenches and the stacks (2012) IEEE Transactions on Visualization and Computer Graphics, 18 (12), pp. 2431-2440; Tory, M., Moller, T., Evaluating visualizations: Do expert reviews work? (2005) Computer Graphics and Applications, IEEE, 25 (5), pp. 8-11; Yan, D., Huang, L., Jordan, M.I., Fast approximate spectral clustering (2009) Proceedings of the 15th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, KDD '09, pp. 907-916. , ACM, New York, NY, USA; Sakai, T., Imiya, A., Fast spectral clustering with random projection and sampling (2009) Machine Learning and Data Mining in Pattern Recognition, 5632, pp. 372-384. , Perner, P., ed., Lecture Notes in Computer Science, Springer Berlin Heidelberg; Seo, J., Shneiderman, B., Interactively exploring hierarchical clustering results (2002) Computer, 35 (7), pp. 80-86; Ghoniem, M., Fekete, J.-D., Matrix view of graphs and direct manipulation of cluster hierarchies (2003) Proceedings of the 15th French-speaking Conference on Human-computer Interaction, pp. 206-207. , IHM 2003, ACM, New York, NY, USA; Bohn, S.J., Payne, D., Nakamura, G., Love, D., Analytics for massive heat maps (2009) Proceedings of Visualization and Data Analysis; Bederson, B.B., Fisheye menus (2000) Proceedings of the 13th Annual ACM Symposium on User Interface Software and Technology, UIST '00, pp. 217-225. , ACM, New York, NY, USA; Conti, G., Ahamad, M., Stasko, J., Attacking information visualization system usability overloading and deceiving the human (2005) Proceedings of the 2005 Symposium on Usable Privacy and Security, SOUPS '05, pp. 89-100. , ACM, New York, NY, USA | |
| dcterms.source | Scopus |