" />  " /> LongLine:用于大规模审计日志的可视分析系统</span><span style="font-family:"font-size:medium;"> </span>
Please wait a minute...
Vis Inf
Vis Inf  2018, Vol. 2 Issue (1): 82-97    DOI: 10.1016/j.visinf.2018.04.009
论文     
LongLine:用于大规模审计日志的可视分析系统 
Seunghoon Yooa, Jaemin Joa, Bohyoung Kimb, Jinwook Seoa
aSeoul National University, Korea  bHankuk University of Foreign Studies, Korea
LongLine: Visual Analytics System for Large-scale Audit Logs
Seunghoon Yooa, Jaemin Joa, Bohyoung Kimb, Jinwook Seoa
aSeoul National University, Korea  bHankuk University of Foreign Studies, Korea
 全文: PDF 
摘要: 背景:审计日志与其他软件日志不同之处在于它们记录了现代操作系统中最基础的事件(即系统调用)。审计日志含有对操作系统的详细跟踪,因此受到安全专家和系统管理员的高度关注。然而,审计日志的复杂性和规模随着时间而增涨,给分析师理解和分析这些日志造成了困难。 创新:本文提出了一个新颖的可视化分析系统LongLine,它可以对大规模审计日志进行交互式可视化分析。 LongLine使用人类可理解的表示(例如,文件路径和命令)而不是操作系统的抽象指示符(例如文件描述符),同时以多尺度方式,采用有意义的时间粒度(例如每小时、每天和每周),揭示日志的时间规律,从而便利了对审计日志的理解。 应用:本文通过一个案例和安全专家的情景分析对我们的系统进行了评估。
Abstract: Audit logs are different from other software logs in that they record the most primitive events (i.e., system calls) in modern operating systems. Audit logs contain a detailed trace of an operating system, and thus have received great attention from security experts and system administrators. However, the complexity and size of audit logs, which increase in real time, have hindered analysts from understanding and analyzing them. In this paper, we present a novel visual analytics system, LongLine, which enables interactive visual analyses of large-scale audit logs. LongLine lowers the interpretation barrier of audit logs by employing human-understandable representations (e.g., file paths and commands) instead of abstract indicators of operating systems (e.g., file descriptors) as well as revealing the temporal patterns of the logs in a multi-scale fashion with meaningful granularity of time in mind (e.g., hourly, daily, and weekly). LongLine also streamlines comparative analysis between interesting subsets of logs, which is essential in detecting anomalous behaviors of systems. In addition, LongLine allows analysts to monitor the system state in a streaming fashion, keeping the latency between log creation and visualization less than one minute. Finally, we evaluate our system through a case study and a scenario analysis with security experts.
出版日期: 2018-06-29
服务  
把本文推荐给朋友  ”的文章,特向您推荐。请打开下面的网址:http://www.zjujournals.com/vi/CN/abstract/abstract30423.shtml" name="neirong">  ">
加入引用管理器
E-mail Alert
RSS
作者相关文章  
Seunghoon Yoo
Jaemin Jo
Bohyoung Kim
Jinwook Seo

引用本文:

Seunghoon Yoo, Jaemin Jo, Bohyoung Kim, Jinwook Seo. LongLine: Visual Analytics System for Large-scale Audit Logs. Vis Inf, 2018, 2(1): 82-97.

链接本文:

http://www.zjujournals.com/vi/CN/10.1016/j.visinf.2018.04.009        http://www.zjujournals.com/vi/CN/Y2018/V2/I1/82

No related articles found!