When analyzing log files for security, the applications available today usually either look for patterns using signature databases or take a behavioral approach. In both cases, information can be missed. The problem grows with systems that receive a massive amount of logs. Parallel coordinates offer a way to display an arbitrarily large number of events in multiple dimensions. As security data are multivariate, parallel coordinates provide a neat way to display them and ease the detection of abnormal behavior. Picviz applies parallel coordinates to acquired data, such as logs, to create a parallel coordinates image. Using this image, the analyst can use Picviz to improve the output image, filter information and visually detect abnormal behavior. Finally, based on what the image helped to detect, the analyst can then write automated tools and avoid human interaction with the image.