LogWheels: A Security Log Visualizer
MetadataShow full item record
Logging security incidents is a required security measure in every moderately complex computer system. But while most systems produce large quantities of textual logs, these logs are often neglected or infrequently monitored by untrained personnel. One of the reasons for this neglect is the poor usability offered by distributed repositories of plain text log data, using different log formats and contradictory terminology. The use of security visualization has established itself as a promising research area, aiming to improve the usability of security logs by utilizing the visual perception system's abilities to absorb large data quantities. This thesis examines the state of the art in security log usability, and proposes two ideas to the areas of security log usability and security visualization: First, we introduce LogWheels, an interactive dashboard offering remote monitoring of security incident logs, through a user friendly visualization interface. By offering three levels of granularity, LogWheels provides both an overview of the entire system, and the opportunity to request details on demand. Second, we introduce the incident wheel, the core visualization component of LogWheels. The incident wheel presents three key dimensions of security incidents -- 'what', 'when', and 'where' -- all within a single screen. In addition to a specification of LogWheels architecture and visualization scheme, the thesis is accompanied by a functional proof-of-concept, which allows demonstrations of the system on real or simulated security data.