By Topic

Visualization System for Log Analysis with Probabilities of Incorrect Operation

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

3 Author(s)
Chifumi Nishioka ; Grad. Sch. of Sci. & Technol., Keio Univ., Yokohama, Japan ; Masahiro Kozaki ; Ken-ichi Okada

As advancement of information society, information leakages grow into a serious problem. It is important for security managers to analysis log-files for finding out cause of leakages promptly. Existing methods of presenting log-files take the method of ordering them in time. It makes easy to understand a flow of operations. However, if a log recording an incorrect operation is included in the back of log-file, finding out it may drop back. To address this problem, this paper presents visualization system for log analysis with probabilities of incorrect operation. Incorrect operations are operations that may cause a security incident. Probabilities of incorrect operation are set up by rate of number of incorrect operations in past log-files. Security analysts set order of priority, and logs are sorted. Also, we introduce Visualize Part to help security analysts understand a flow of operations in spite of not ordering logs in time. We aim to contribute speedy security analyses by combine visualizing log-file with probabilities of incorrect operation. To evaluate our proposal, accuracy and efficiency are measured by user experiment. Our proposal tool was compared with the tool without probabilities of incorrect operation. As the result, in terms of accuracy, there are no significant difference between. However, our proposal demonstrate a 39.5% improved efficiency.

Published in:

Parallel and Distributed Systems (ICPADS), 2011 IEEE 17th International Conference on

Date of Conference:

7-9 Dec. 2011