Labeling a real network dataset is specially expensive in computer security, as an expert has to ponder several factors before assigning each label. This paper describes an interactive intelligent system to support the task of identifying hostile behavior in network logs. The RiskID application uses visualizations to graphically encode features of network connections and promote visual comparison. In the background, two algorithms are used to actively organize con- nections and predict potential labels: a recommendation algorithm and a semi-supervised learning strategy. These algorithms together with interactive adaptions to the user interface constitute a behavior recommendation. A study is carried out to analyze how the algo- rithms for recommendation and prediction influence the workflow of labeling a dataset. The results of a study with 16 participants indicate that the behaviour recommendation significantly improves the quality of labels. Analyzing interaction patterns, we identify a more intuitive workflow used when behaviour recommendation is available.
|Publikationsstatus||Veröffentlicht - 2019|
|Veranstaltung||IEEE Symposium on Visualization for Cyber Security - Vancouver, Kanada|
Dauer: 20 Okt 2019 → 25 Okt 2019
|Konferenz||IEEE Symposium on Visualization for Cyber Security|
|Zeitraum||20/10/19 → 25/10/19|