We present our work on a visual, similarity-based approach to log file exploration. The use of similarity rather than simple aggregation schemes empowers users to focus on the high-level events behind log entries, rather than the entries themselves. We make use of an accelerated version of TRIAGE to determine the similarity coefficients for each pair of log entries. The model is embedded in an interactive visualization system which enables the fluid interpretation of similarities with the help of a simple clustering approach.
[Aal11] AALST W. V. D.: Process Mining: Discovery, Conformance and Enhancement of Business Processes, 2011 edition ed. Springer, New York, Apr. 2011. 2
[BB10] BERTIN J., BERG W. J.: Semiology of graphics: Diagrams, networks, maps, 1st ed ed. ESRI Press and Distributed by Ingram Publisher Services, Redlands and Calif, 2010. 2
[CS12] CHUVAKIN A. A., SCHMIDT K. J.: Logging and Log Management: The Authoritative Guide to Understanding the Concepts Surrounding Logging and Log Management, 1 edition ed. Syngress, Amsterdam, Dec. 2012. 2
[GFC05] GHONIEM M., FEKETE J.-D., CASTAGLIOLA P.: On the readability of graphs using node-link and matrix-based representations: a controlled experiment and statistical analysis. Information Visualization 4, 2 (2005), 114–135. 2
[GGP] GASSEN J., GERHARDS-PADILLA E.: HoneypotMe. https://bitbucket.org/fkie_cd_dare/honeypotme, retrieved on 17/04/2015. 3
[HF06] HENRY N., FEKETE J.: MatrixExplorer: a Dual-Representation System to Explore Social Networks. IEEE Transactions on Visualization and Computer Graphics 12, 5 (Sept. 2006), 677–684. 2
[HFM07] HENRY N., FEKETE J.-D., MCGUFFIN M. J.: Node-Trix: a Hybrid Visualization of Social Networks. IEEE Transactions on Visualization and Computer Graphics 13, 6 (2007), 1302–1309. 2
[HPBM13] HUMPHRIES C., PRIGENT N., BIDAN C., MAJORCZYK F.: ELVIS: Extensible Log VISualization. In Proceedings of the Tenth Workshop on Visualization for Cyber Security (New York, NY, USA, 2013), VizSec ’13, ACM, pp. 9–16. 2
[HT73] HOPCROFT J., TARJAN R.: Algorithm 447: Efficient Algorithms for Graph Manipulation. Commun. ACM 16, 6 (June 1973), 372–378. 3
[KEC06] KELLER R., ECKERT C. M., CLARKSON P. J.: Matrices or node-link diagrams: which visual representation is better for visualising connectivity models? Information Visualization 5, 1 (2006), 62–76. 2
[KR09] KAUFMAN L., ROUSSEEUW P. J.: Finding Groups in Data: An Introduction to Cluster Analysis. John Wiley & Sons, 2009. 2
[Kre14] KREPS J.: I Heart Logs: Event Data, Stream Processing, and Data Integration, 1 edition ed. O’Reilly Media, Oct. 2014. 2
[MML07] MUELLER C., MARTIN B., LUMSDAINE A.: A comparison of vertex ordering algorithms for large graph visualization. In Asia-Pacific Symposium on Visualisation 2007 (2007), pp. 141–148. 3
[SG03] STREHL A., GHOSH J.: Relationship-Based Clustering and Visualization for High-Dimensional Data Mining. INFORMS Journal on Computing 15, 2 (2003), 208–230. 3
[Spl] SPLUNK INC.: Operational Intelligence, Log Management, Application Management, Enterprise Security and Compliance. http://www.splunk.com/, retrieved on 17/04/2015. 2
[THB*15] TWELLMEYER J., HUTTER M., BEHRISCH M., KOHLHAMMER J., SCHRECK T.: The Visual Exploration of Aggregate Similarity for Multi-dimensional Clustering. In Proceedings of International Conference on Information Visualization Theory and Applications (Mar. 2015), pp. 40–50. 3
[Tho10] THONNARD O.: A Multi-Criteria Clustering Approach to Support Attack Attribution in Cyberspace. PhD thesis, Ecole Nationale Supérieure des Télécommunications, Paris, 2010. 2
[TMD10] THONNARD O., MEES W., DACIER M.: On a multicriteria clustering approach for attack attribution. ACM SIGKDD Explorations Newsletter 12, 1 (2010), 11. 2
[Tor96] TORRA V.: Weighted OWA operators for synthesis of information. In IEEE 5th International Fuzzy Systems (1996), pp. 966–971. 2
[Yag88] YAGER R. R.: On ordered weighted averaging aggregation operators in multicriteria decisionmaking. IEEE Transactions on Systems, Man, and Cybernetics 18, 1 (1988), 183–190. 2
