Abstract
This paper presents a graphical interface to identify hostile behavior in network logs. The problem of identifying and labeling hostile behavior is well known in the network security community. There is a lack of labeled datasets, which makes it difficult to deploy automated methods or to test the performance of manual ones. We describe the process of searching and identifying hostile behavior with a graphical tool derived from an open source Intrusion Prevention System, which graphically encodes features of network connections from a log file. A design study with two network security experts illustrates the workflow of searching for patterns descriptive of unwanted behavior and labeling occurrences therewith.
Original language | English |
---|---|
Title of host publication | Proceedings of the 2017 ACM Workshop on Exploratory Search and Interactive Data Analytics |
Publisher | Association of Computing Machinery |
Pages | 51-54 |
Number of pages | 4 |
ISBN (Electronic) | 978-145034903-1 |
Publication status | Published - 2017 |
Event | ACM Workshop on Exploratory Search and Interactive Data Analytics: ESIDA 2017 - Limassol, Cyprus Duration: 13 Mar 2017 → … |
Workshop
Workshop | ACM Workshop on Exploratory Search and Interactive Data Analytics |
---|---|
Country/Territory | Cyprus |
City | Limassol |
Period | 13/03/17 → … |