A Study on Labeling Network Hostile Behavior with Intelligent Interactive Tools

2019 IEEE Symposium on Visualization for Cyber Security (VizSec) Pub Date : 2019-10-01 DOI:10.1109/VizSec48167.2019.9161489

Jorge Guerra, Eduardo E. Veas, C. Catania

{"title":"A Study on Labeling Network Hostile Behavior with Intelligent Interactive Tools","authors":"Jorge Guerra, Eduardo E. Veas, C. Catania","doi":"10.1109/VizSec48167.2019.9161489","DOIUrl":null,"url":null,"abstract":"Labeling a real network dataset is specially expensive in computer security, as an expert has to ponder several factors before assigning each label. This paper describes an interactive intelligent system to support the task of identifying hostile behaviors in network logs. The RiskID application uses visualizations to graphically encode features of network connections and promote visual comparison. In the background, two algorithms are used to actively organize connections and predict potential labels: a recommendation algorithm and a semi-supervised learning strategy. These algorithms together with interactive adaptions to the user interface constitute a behavior recommendation. A study is carried out to analyze how the algorithms for recommendation and prediction influence the workflow of labeling a dataset. The results of a study with 16 participants indicate that the behaviour recommendation significantly improves the quality of labels. Analyzing interaction patterns, we identify a more intuitive workflow used when behaviour recommendation is available.","PeriodicalId":242942,"journal":{"name":"2019 IEEE Symposium on Visualization for Cyber Security (VizSec)","volume":"56 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"9","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 IEEE Symposium on Visualization for Cyber Security (VizSec)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/VizSec48167.2019.9161489","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 9

Abstract

Labeling a real network dataset is specially expensive in computer security, as an expert has to ponder several factors before assigning each label. This paper describes an interactive intelligent system to support the task of identifying hostile behaviors in network logs. The RiskID application uses visualizations to graphically encode features of network connections and promote visual comparison. In the background, two algorithms are used to actively organize connections and predict potential labels: a recommendation algorithm and a semi-supervised learning strategy. These algorithms together with interactive adaptions to the user interface constitute a behavior recommendation. A study is carried out to analyze how the algorithms for recommendation and prediction influence the workflow of labeling a dataset. The results of a study with 16 participants indicate that the behaviour recommendation significantly improves the quality of labels. Analyzing interaction patterns, we identify a more intuitive workflow used when behaviour recommendation is available.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

基于智能交互工具的网络敌对行为标注研究

标记真实的网络数据集在计算机安全方面特别昂贵，因为专家在分配每个标签之前必须考虑几个因素。本文描述了一种交互式智能系统来支持识别网络日志中的敌对行为。RiskID应用程序使用可视化来图形化地编码网络连接的特征，并促进可视化比较。在后台，使用两种算法来主动组织连接并预测潜在的标签:推荐算法和半监督学习策略。这些算法与对用户界面的交互式适应一起构成了行为推荐。研究了推荐和预测算法对数据集标注工作流程的影响。一项有16名参与者的研究结果表明，行为推荐显著提高了标签的质量。通过分析交互模式，我们确定了当行为推荐可用时使用的更直观的工作流。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

2019 IEEE Symposium on Visualization for Cyber Security (VizSec)

自引率

0.00%

发文量

期刊最新文献

VizSec 2019 Foreword VizSec 2019 Committees [Copyright notice] VizSec 2019 Keynote A Study on Labeling Network Hostile Behavior with Intelligent Interactive Tools