Inproceedings

Weaving a carpet from log entries: A network security visualization built with co-creation

Visual Analytics Science and Technology (VAST), 2014 IEEE Conference on, pages 73-82. (October 2014)
DOI: 10.1109/VAST.2014.7042483

Abstract

We created a pixel map for multivariate data based on an analysis of the needs of network security engineers. Parameters of a log record are shown as pixels and these pixels are stacked to represent a record. This allows a broad view of a data set on one screen while staying very close to the raw data, and exposes common and rare patterns of user behavior through the visualization itself (the "Carpet"). Visualizations that immediately point to areas of suspicious activity without requiring extensive filtering help network engineers investigating unknown computer security incidents. Most of them, however, have limited knowledge of advanced visualization techniques, while many designers and data scientists are unfamiliar with computer security topics. To bridge this gap, we developed visualizations together with engineers, following a co-creative process. We will show how we explored the scope of the engineers' tasks and how we jointly developed ideas and designs. Our expert evaluation indicates that this visualization helps to scan large parts of log files quickly and to define areas of interest for closer inspection.
