Data visualization as a means to explore and detect known and unknown security issues in log files

by Jan-Erik Stange (Fachhochschule Potsdam), Johannes Landstorfer (IXDS)

Log files are often described as treasure boxes because of the information they contain, but in practice evaluating them is usually seen as tedious. Data visualization can be an effective way to gain an overview and an initial understanding of large logs. In addition, current tools mostly focus on searching for known items. We believe that explorative tools are needed for the situation "when you don't know exactly yet what to look for", to reveal patterns that would otherwise be overlooked.

The Interaction Design Lab (IDL) at FH Potsdam is currently developing visualizations specifically for security use cases. A recent focus has been SSH log files; further applications are planned as part of the SASER research project.
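To make the "overview first, then look for patterns" idea concrete for SSH logs, here is an added example (not code from the IDL or the SASER prototypes) that parses sshd authentication lines, aggregates failed logins per source and hour into a text heatmap, and then flags two patterns that a search for single known items would not surface: a source cycling through many usernames, and a successful login from a source that also produced failures. The log lines are constructed sample data, and the regular expressions assume the default OpenSSH syslog wording ("Failed password for ..." / "Accepted <method> for ...").

```python
"""Exploratory overview of sshd authentication logs: parse, aggregate,
render a text heatmap of failed logins per source and hour, then flag
patterns that a line-by-line read or a keyword search would miss.

Added example, not code from the IDL/SASER prototypes. SAMPLE_LOG is
constructed data; the regexes assume the default OpenSSH syslog wording.
"""
import re
from collections import Counter, defaultdict

# Constructed sample input: one source enumerating usernames at night,
# one user with a typo before a successful login, and key-based logins.
SAMPLE_LOG = """\
Mar 12 02:14:01 web1 sshd[4101]: Failed password for invalid user admin from 203.0.113.5 port 40112 ssh2
Mar 12 02:14:03 web1 sshd[4101]: Failed password for invalid user oracle from 203.0.113.5 port 40113 ssh2
Mar 12 02:14:05 web1 sshd[4101]: Failed password for root from 203.0.113.5 port 40114 ssh2
Mar 12 02:14:07 web1 sshd[4101]: Failed password for invalid user test from 203.0.113.5 port 40115 ssh2
Mar 12 02:15:09 web1 sshd[4102]: Failed password for invalid user guest from 203.0.113.5 port 40116 ssh2
Mar 12 03:40:22 web1 sshd[4150]: Failed password for bob from 198.51.100.9 port 51000 ssh2
Mar 12 09:02:10 web1 sshd[4310]: Accepted publickey for alice from 198.51.100.7 port 52210 ssh2: ED25519 SHA256:abc
Mar 12 09:05:41 web1 sshd[4311]: Failed password for bob from 198.51.100.9 port 51001 ssh2
Mar 12 09:05:48 web1 sshd[4311]: Accepted password for bob from 198.51.100.9 port 51001 ssh2
Mar 12 17:20:00 web1 sshd[4400]: Accepted publickey for alice from 198.51.100.7 port 53000 ssh2: ED25519 SHA256:abc
Mar 12 17:21:13 web1 sshd[4401]: Connection closed by 203.0.113.5 port 40200 [preauth]
"""

# Syslog prefix: "Mon DD HH:MM:SS host sshd[pid]: message"
LINE_RE = re.compile(
    r"^(?P<month>\w{3}) +(?P<day>\d{1,2}) (?P<hour>\d{2}):(?P<min>\d{2}):(?P<sec>\d{2}) "
    r"\S+ sshd\[\d+\]: (?P<msg>.*)$"
)
# Authentication outcome: "Failed password for [invalid user ]U from IP port N"
AUTH_RE = re.compile(
    r"^(?P<outcome>Failed|Accepted) (?P<method>\S+) for (?P<invalid>invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse_sshd_line(line):
    """Return a dict for authentication outcomes, None for other messages."""
    m = LINE_RE.match(line)
    if not m:
        return None
    a = AUTH_RE.match(m.group("msg"))
    if not a:
        return None  # "Connection closed", "session opened", etc.
    return {
        "hour": int(m.group("hour")),
        "outcome": a.group("outcome").lower(),  # "failed" or "accepted"
        "method": a.group("method"),
        "user": a.group("user"),
        "invalid_user": a.group("invalid") is not None,
        "src": a.group("src"),
    }


def parse_log(text):
    return [e for e in (parse_sshd_line(ln) for ln in text.splitlines()) if e]


def failed_by_src_hour(events):
    """Counter keyed by (source address, hour) of failed authentications."""
    c = Counter()
    for e in events:
        if e["outcome"] == "failed":
            c[(e["src"], e["hour"])] += 1
    return c


SHADES = " .:-=+*#%@"  # index 0 = no failures, index 9 = busiest cell


def render_heatmap(counts):
    """Text heatmap: one row per source, 24 columns (hours), darker = more failures."""
    if not counts:
        return ""
    peak = max(counts.values())
    srcs = sorted({src for src, _ in counts})
    width = max(len(s) for s in srcs)
    rows = [" " * width + " " + "".join(str(h % 10) for h in range(24))]
    for src in srcs:
        cells = []
        for h in range(24):
            n = counts.get((src, h), 0)
            # scale 1..peak onto shade indices 1..9 (0 stays blank)
            idx = 0 if n == 0 else 1 + (len(SHADES) - 2) * (n - 1) // max(peak - 1, 1)
            cells.append(SHADES[idx])
        rows.append(src.ljust(width) + " " + "".join(cells))
    return "\n".join(rows)


def find_patterns(events, min_users=3):
    """Flag sources trying >= min_users distinct usernames, and accepted
    logins from sources that also produced failures somewhere in the log."""
    users_by_src = defaultdict(set)
    failed_srcs = set()
    accepted = []
    for e in events:
        if e["outcome"] == "failed":
            users_by_src[e["src"]].add(e["user"])
            failed_srcs.add(e["src"])
        else:
            accepted.append(e)
    enumerators = {s: sorted(u) for s, u in users_by_src.items() if len(u) >= min_users}
    success_after_failure = sorted(
        {(e["src"], e["user"], e["method"]) for e in accepted if e["src"] in failed_srcs}
    )
    return {"enumerators": enumerators, "success_after_failure": success_after_failure}


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print(render_heatmap(failed_by_src_hour(evs)))
    print(find_patterns(evs))
```

The heatmap is the "overview" step: the burst from 203.0.113.5 at 02:00 stands out as a single dark cell, while the two isolated failures from 198.51.100.9 stay faint. The pattern report is the "drill down" step; in the sample it lists 203.0.113.5 as an enumerator of five usernames and the password login of bob from 198.51.100.9 as a success following failures, which is benign here but is exactly the kind of event a keyword search for "Failed" alone would not connect.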

In our talk, we will provide some insights into our research process at the IDL and introduce our user research, which laid the groundwork for the more general decisions we took in developing our visualizations. In the main part of the talk, we will present some use cases and related data sets, and show how we created the visualizations and which decisions we took. We will explain our findings mainly with the tools that we developed as early prototypes.
We will show the specific advantages for detecting security incidents. We also want to discuss challenges and extensions with the practitioners at LinuxTag. We are especially interested in learning about other use cases that we have not focused on so far and that pose particular challenges that might be ideal candidates for visualization.

About the author Jan-Erik Stange:

Jan-Erik Stange received his bachelor's degree in industrial design at Muthesius Kunsthochschule Kiel in 2008. In 2011 he graduated from the University of Applied Sciences Potsdam with a master's degree in interface design. Since then he has been freelancing for several design agencies and institutions in Germany and the US in the areas of interface design, data visualization and information design.

Currently Jan-Erik Stange is a research associate and lecturer at the Interaction Design Lab at the University of Applied Sciences Potsdam. He is the project leader of the SaSER (Safe and Secure European Routing) project, in which he and his team explore new ways of using visualization to provide network security experts with tools to detect security threats earlier and more reliably. His research interests lie in enhancing understanding with information visualization of complex datasets, human visual pattern recognition, user experience design and generative design.

About the author Johannes Landstorfer:

Johannes Landstorfer works as an interaction design lead on innovation projects for various industries at the design agency IXDS. He joined the IDL part-time as a research associate in the area of data visualization. His primary interest is the application of novel visualization techniques to various challenges around "Big Data" in order to turn it into actionable insights.