A Study on Labeling Network Hostile Behavior with Intelligent Interactive Tools

Jorge Guerra Torres, Eduardo Enrique Veas, Carlos Adrián Catania

Publikation: KonferenzbeitragPaperForschungBegutachtung

Abstract

Labeling a real network dataset is specially expensive in computer security, as an expert has to ponder several factors before assigning each label. This paper describes an interactive intelligent system to support the task of identifying hostile behavior in network logs. The RiskID application uses visualizations to graphically encode features of network connections and promote visual comparison. In the background, two algorithms are used to actively organize con- nections and predict potential labels: a recommendation algorithm and a semi-supervised learning strategy. These algorithms together with interactive adaptions to the user interface constitute a behavior recommendation. A study is carried out to analyze how the algo- rithms for recommendation and prediction influence the workflow of labeling a dataset. The results of a study with 16 participants indicate that the behaviour recommendation significantly improves the quality of labels. Analyzing interaction patterns, we identify a more intuitive workflow used when behaviour recommendation is available.
Originalspracheenglisch
PublikationsstatusVeröffentlicht - 2019
VeranstaltungIEEE Symposium on Visualization for Cyber Security - Vancouver, Kanada
Dauer: 20 Okt 201925 Okt 2019
http://ieeevis.org/year/2019/welcome

Konferenz

KonferenzIEEE Symposium on Visualization for Cyber Security
KurztitelVIZSEC
LandKanada
Zeitraum20/10/1925/10/19
Internetadresse

Fingerprint

Labeling
Labels
Supervised learning
Intelligent systems
Security of data
User interfaces
Visualization

Dies zitieren

Torres, J. G., Veas, E. E., & Catania, C. A. (2019). A Study on Labeling Network Hostile Behavior with Intelligent Interactive Tools. Beitrag in IEEE Symposium on Visualization for Cyber Security, Kanada.

A Study on Labeling Network Hostile Behavior with Intelligent Interactive Tools. / Torres, Jorge Guerra; Veas, Eduardo Enrique; Catania, Carlos Adrián.

2019. Beitrag in IEEE Symposium on Visualization for Cyber Security, Kanada.

Publikation: KonferenzbeitragPaperForschungBegutachtung

Torres, JG, Veas, EE & Catania, CA 2019, 'A Study on Labeling Network Hostile Behavior with Intelligent Interactive Tools' Beitrag in, Kanada, 20/10/19 - 25/10/19, .
Torres JG, Veas EE, Catania CA. A Study on Labeling Network Hostile Behavior with Intelligent Interactive Tools. 2019. Beitrag in IEEE Symposium on Visualization for Cyber Security, Kanada.
Torres, Jorge Guerra ; Veas, Eduardo Enrique ; Catania, Carlos Adrián. / A Study on Labeling Network Hostile Behavior with Intelligent Interactive Tools. Beitrag in IEEE Symposium on Visualization for Cyber Security, Kanada.
@conference{016050824c0c4f6a80c4e5d1e1297431,
title = "A Study on Labeling Network Hostile Behavior with Intelligent Interactive Tools",
abstract = "Labeling a real network dataset is specially expensive in computer security, as an expert has to ponder several factors before assigning each label. This paper describes an interactive intelligent system to support the task of identifying hostile behavior in network logs. The RiskID application uses visualizations to graphically encode features of network connections and promote visual comparison. In the background, two algorithms are used to actively organize con- nections and predict potential labels: a recommendation algorithm and a semi-supervised learning strategy. These algorithms together with interactive adaptions to the user interface constitute a behavior recommendation. A study is carried out to analyze how the algo- rithms for recommendation and prediction influence the workflow of labeling a dataset. The results of a study with 16 participants indicate that the behaviour recommendation significantly improves the quality of labels. Analyzing interaction patterns, we identify a more intuitive workflow used when behaviour recommendation is available.",
author = "Torres, {Jorge Guerra} and Veas, {Eduardo Enrique} and Catania, {Carlos Adri{\'a}n}",
year = "2019",
language = "English",
note = "IEEE Symposium on Visualization for Cyber Security, VIZSEC ; Conference date: 20-10-2019 Through 25-10-2019",
url = "http://ieeevis.org/year/2019/welcome",

}

TY - CONF

T1 - A Study on Labeling Network Hostile Behavior with Intelligent Interactive Tools

AU - Torres, Jorge Guerra

AU - Veas, Eduardo Enrique

AU - Catania, Carlos Adrián

PY - 2019

Y1 - 2019

N2 - Labeling a real network dataset is specially expensive in computer security, as an expert has to ponder several factors before assigning each label. This paper describes an interactive intelligent system to support the task of identifying hostile behavior in network logs. The RiskID application uses visualizations to graphically encode features of network connections and promote visual comparison. In the background, two algorithms are used to actively organize con- nections and predict potential labels: a recommendation algorithm and a semi-supervised learning strategy. These algorithms together with interactive adaptions to the user interface constitute a behavior recommendation. A study is carried out to analyze how the algo- rithms for recommendation and prediction influence the workflow of labeling a dataset. The results of a study with 16 participants indicate that the behaviour recommendation significantly improves the quality of labels. Analyzing interaction patterns, we identify a more intuitive workflow used when behaviour recommendation is available.

AB - Labeling a real network dataset is specially expensive in computer security, as an expert has to ponder several factors before assigning each label. This paper describes an interactive intelligent system to support the task of identifying hostile behavior in network logs. The RiskID application uses visualizations to graphically encode features of network connections and promote visual comparison. In the background, two algorithms are used to actively organize con- nections and predict potential labels: a recommendation algorithm and a semi-supervised learning strategy. These algorithms together with interactive adaptions to the user interface constitute a behavior recommendation. A study is carried out to analyze how the algo- rithms for recommendation and prediction influence the workflow of labeling a dataset. The results of a study with 16 participants indicate that the behaviour recommendation significantly improves the quality of labels. Analyzing interaction patterns, we identify a more intuitive workflow used when behaviour recommendation is available.

M3 - Paper

ER -