Article | Proceedings of SIGRAD 2015, June 1st and 2nd, Stockholm, Sweden | WOW-A-Cluster! A Visual Similarity-Based Approach to Log Exploration

Title:
WOW-A-Cluster! A Visual Similarity-Based Approach to Log Exploration
Author:
James E. Twellmeyer: Fraunhofer IGD, Germany
Arjan Kuijper: TU Darmstadt, Germany
Jörn Kohlhammer: Fraunhofer IGD, Germany / TU Darmstadt, Germany
Year:
2015
Conference:
Proceedings of SIGRAD 2015, June 1st and 2nd, Stockholm, Sweden
Issue:
120
Article no.:
018
Pages:
61-64
No. of pages:
4
Publication type:
Abstract and Fulltext
Published:
2015-11-24
ISBN:
978-91-7685-855-4
Series:
Linköping Electronic Conference Proceedings
ISSN (print):
1650-3686
ISSN (online):
1650-3740
Publisher:
Linköping University Electronic Press, Linköpings universitet



We present our work on a visual, similarity-based approach to log file exploration. The use of similarity rather than simple aggregation schemes empowers users to focus on the high-level events behind log entries, rather than the entries themselves. We make use of an accelerated version of TRIAGE to determine the similarity coefficients for each pair of log entries. The model is embedded in an interactive visualization system which enables the fluid interpretation of similarities with the help of a simple clustering approach.

Keywords: Clustering; similarity measures



Responsible for this page: Peter Berkesand
Last updated: 2017-02-21