Guerra Jorge, Catania Carlos, Veas Eduardo Enrique
2017
Visual exploration of network hostile behavior
Proceedings of the 2017 ACM Workshop on Exploratory Search and Interactive Data Analytics ACM Limassol, Cyprus
This paper presents a graphical interface to identify hostile behavior in network logs. The problem of identifying and labeling hostile behavior is well known in the network security community. There is a lack of labeled datasets, which makes it difficult to deploy automated methods or to test the performance of manual ones. We describe the process of searching and identifying hostile behavior with a graphical tool derived from an open source Intrusion Prevention System, which graphically encodes features of network connections from a log-file. A design study with two network security experts illustrates the workflow of searching for patterns descriptive of unwanted behavior and labeling occurrences therewith.