Abstract
Post-incident analysis of a security event is a complex task due to the volume of data that must be assessed, often within tight temporal constraints. System software, such as operating systems and applications, provides a range of opportunities to record data in log files about interactions with the computer; these records may provide evidence during an investigation. Data visualization can be used to aid interpretation of a data set and improve the analyst's ability to make sense of the information. This paper posits a novel methodology that visualizes data from a range of log files to aid the investigation process. To demonstrate the applicability of the approach, a case study of the identification and analysis of attacks is presented.
© 2014 Springer International Publishing Switzerland
Haggerty, J., Hughes-Roberts, T. (2014). Visualization of System Log Files for Post-incident Analysis and Response. In: Tryfonas, T., Askoxylakis, I. (eds) Human Aspects of Information Security, Privacy, and Trust. HAS 2014. Lecture Notes in Computer Science, vol 8533. Springer, Cham. https://doi.org/10.1007/978-3-319-07620-1_3
DOI: https://doi.org/10.1007/978-3-319-07620-1_3
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-07619-5
Online ISBN: 978-3-319-07620-1