Guerra Jorge, Catania Carlos, Veas Eduardo Enrique
2017
This paper presents a graphical interface to identify hostile behavior in network logs. The problem of identifying and labeling hostile behavior is well known in the network security community. There is a lack of labeled datasets, which makes it difficult to deploy automated methods or to test the performance of manual ones. We describe the process of searching and identifying hostile behavior with a graphical tool derived from an open source Intrusion Prevention System, which graphically encodes features of network connections from a log-file. A design study with two network security experts illustrates the workflow of searching for patterns descriptive of unwanted behavior and labeling occurrences therewith.