DOI: 10.1145/2517957.2517959

ELVIS: Extensible Log VISualization

Published: 02 October 2013

Abstract

In this article, we propose ELVIS, a security-oriented log visualization tool that allows security experts to visually explore numerous types of log files through relevant representations. When a log file is loaded into ELVIS, a summary view is displayed. This view is the starting point for exploring the log. The analyst can then choose to explore certain fields or sets of fields from the dataset. To that end, ELVIS selects relevant representations according to the fields chosen by the analyst for display.

Published In

VizSec '13: Proceedings of the Tenth Workshop on Visualization for Cyber Security
October 2013
77 pages
ISBN: 9781450321730
DOI: 10.1145/2517957

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. forensics
  2. intrusion detection
  3. logs management
  4. visualization

Qualifiers

  • Research-article

Conference

VizSec '13
VizSec '13: Visualization for Cyber Security
October 14, 2013
Georgia, Atlanta, USA

Acceptance Rates

VizSec '13 Paper Acceptance Rate 9 of 30 submissions, 30%;
Overall Acceptance Rate 39 of 111 submissions, 35%

Article Metrics

  • Downloads (Last 12 months): 14
  • Downloads (Last 6 weeks): 0

Reflects downloads up to 08 Mar 2025

Cited By

  • (2024) Web Services Analysis and Threat Detection Through Score-Based Anomaly Detection System and Data Visualizations. 2024 Cyber Awareness and Research Symposium (CARS), pp. 1-8. DOI: 10.1109/CARS61786.2024.10778698. Online publication date: 28-Oct-2024
  • (2021) An Efficient Analytical Approach to Visualize Text-Based Event Logs for Semiconductor Equipment. Applied Sciences, 11:13 (5944). DOI: 10.3390/app11135944. Online publication date: 26-Jun-2021
  • (2021) KRAKEN: A Knowledge-Based Recommender System for Analysts, to Kick Exploration up a Notch. Innovative Security Solutions for Information Technology and Communications, pp. 1-17. DOI: 10.1007/978-3-031-17510-7_1. Online publication date: 25-Nov-2021
  • (2020) Exploratory Analysis of File System Metadata for Rapid Investigation of Security Incidents. 2020 IEEE Symposium on Visualization for Cyber Security (VizSec), pp. 11-20. DOI: 10.1109/VizSec51108.2020.00008. Online publication date: Oct-2020
  • (2018) A Process Framework for Stakeholder-specific Visualization of Security Metrics. Proceedings of the 13th International Conference on Availability, Reliability and Security, pp. 1-10. DOI: 10.1145/3230833.3232855. Online publication date: 27-Aug-2018
  • (2018) Visual Analytics for Decomposing Temporal Event Series of Production Lines. 2018 22nd International Conference Information Visualisation (IV), pp. 251-259. DOI: 10.1109/iV.2018.00051. Online publication date: Jul-2018
  • (2017) Personal visual analytics for android security risk lifelog. Proceedings of the 10th International Symposium on Visual Information Communication and Interaction, pp. 29-36. DOI: 10.1145/3105971.3105975. Online publication date: 14-Aug-2017
  • (2017) FLUKES. Proceedings of the International Conference on Future Networks and Distributed Systems, pp. 1-6. DOI: 10.1145/3102304.3102337. Online publication date: 19-Jul-2017
  • (2017) Toward a visualization-supported workflow for cyber alert management using threat models and human-centered design. 2017 IEEE Symposium on Visualization for Cyber Security (VizSec), pp. 1-8. DOI: 10.1109/VIZSEC.2017.8062200. Online publication date: Oct-2017
  • (2017) Integrating visual analysis of network security and management of detection system configurations. 2017 9th IEEE International Conference on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications (IDAACS), pp. 1020-1025. DOI: 10.1109/IDAACS.2017.8095240. Online publication date: Sep-2017
