Proceedings ArticleDOI

Tudumi: information visualization system for monitoring and auditing computer logs

TLDR
Tudumi makes it easier to detect anomalous user activities, such as intrusion, from the huge amount of textual data contained in computer logs.
Abstract: 
Computer security breaches are already a major problem in using computers. The most basic defense against them is to monitor and audit the computer logs. Computer logs, however, contain a huge amount of textual data, so it is almost impossible to inspect them manually with current systems. We propose a log visualization system called "Tudumi". Tudumi consists of several functions that assist system administrators in performing these tasks manually: information visualization, log summarization, and the reflection of known rules into the visualization method. Tudumi makes it easier to detect anomalous user activities, such as intrusion, from a huge amount of computer logs.


Citations
Journal ArticleDOI

A Survey of Visualization Systems for Network Security

TL;DR: A comprehensive review of network security visualization is offered and a taxonomy in the form of five use-case classes encompassing nearly all recent works in this area is provided.
Proceedings ArticleDOI

Towards informatic analysis of syslogs

TL;DR: The author describes the use of the bioinformatics-inspired Teiresias algorithm to automatically classify syslog messages, compares it to an existing log analysis tool (SLCT), and presents a simple graphical user interface for viewing analysis results.
Proceedings ArticleDOI

SnortView: visualization system of snort logs

TL;DR: A visualization system of a NIDS log, named SnortView, is proposed, which supports administrators in analyzing NIDS alerts much faster and much more easily and introduces some visualization techniques such as overlayed statistical information, source-destination matrix, and so on.
Proceedings ArticleDOI

IDS rainStorm: visualizing IDS alarms

TL;DR: A tool is built that effectively uses operational alarm log data generated on the Georgia Tech campus network; it is faster and easier than analyzing text logs, and uses visualization techniques to scale and display the data effectively.

STARMINE: a visualization system for cyber attacks

TL;DR: A visualization system for cyber threat monitoring named STARMINE is presented, which integrates three different views of the cyber threat (geographical, temporal, and logical) in 3-D space, helping administrators analyze threats much more easily.
References
ReportDOI

Data mining approaches for intrusion detection

TL;DR: An agent-based architecture for intrusion detection systems where the learning agents continuously compute and provide the updated (detection) models to the detection agents is proposed.
Journal ArticleDOI

State transition analysis: a rule-based intrusion detection approach

TL;DR: The paper presents a new approach to representing and detecting computer penetrations in real time, called state transition analysis, which models penetrations as a series of state changes that lead from an initial secure state to a target compromised state.
Journal ArticleDOI

Visualizing network data

TL;DR: SeeNet, as described in this paper, is a network visualization tool that allows one to visualize the data associated with a network rather than simply the structure of the network itself, which is useful for understanding how networks behave.
Proceedings ArticleDOI

H3: laying out large directed graphs in 3D hyperbolic space

TL;DR: The H3 layout technique for drawing large directed graphs as node-link diagrams in 3D hyperbolic space is presented and its implementation accommodates navigation through graphs too large to be rendered interactively by allowing the user to explicitly prune or expand subtrees.
Proceedings ArticleDOI

NetSTAT: a network-based intrusion detection approach

TL;DR: By using a formal model of both the network and the attacks, NetSTAT is able to determine which network events have to be monitored and where they can be monitored.