This Answer Sheet should be used for your Mini-Challenge 2 submission. Please maintain the .htm format and make sure that all hyperlinks are relative to the answer form. Rename this form "index.htm" for your submission. Remove these instructions and any other example text below that is highlighted in yellow. Please see the "Submission Instructions" on the VA Community Websites at http://vacommunity.org/VAST+Challenge+2012.

Replace this entry name (See Submission Instructions 2.1): "UWB-Smith-MC2"

VAST 2012 Challenge
Mini-Challenge 2:

Team Members:

Replace this list of team members (See Submission Instructions 2.2):

Marion Smith, University of West Birmingham, smith@westbirmingham.ac.uk PRIMARY

Paul White, University of Northeastern Washington, white@unew.edu

Tom Jones, University of Northeastern Washington, jones@cs.unew.edu

Student Team (See Submission Instructions 2.3): Please enter YES or NO

Tool(s):

Provide a list of tools used (See Submission Instructions 2.4)

SAS

JIGSAW, developed by Georgia Tech (John Stasko), used by permission

SPINVIS, developed by the University of West Birmingham CS 459 Information Visualization class, taught Spring 2011 by Dr. Smith, and adapted by the student team for the challenge.

Video:

Provide a link to your video (See Submission Instructions 2.5)

http://www.westbirmingham.ac.uk/uwb-smith-mc2-video.wmv

Answers to Mini-Challenge 2 Questions:

MC 2.1 Using your visual analytics tools, can you identify what noteworthy events took place for the time period covered in the firewall and IDS logs? Provide screen shots of your visual analytics tools that highlight the five most noteworthy events of security concern, along with explanations of each event.

Provide a Detailed Answer. (See Submission Instructions 2.6)

MC 2.2 What security trend is apparent in the firewall and IDS logs over the course of the two days included here? Illustrate the identified trend with an informative and innovative visualization.

Provide a Short Answer. (See Submission Instructions 2.6)

MC 2.3 What do you suspect is (are) the root cause(s) of the events identified in MC 2.1? Understanding that you cannot shut down the corporate network or disconnect it from the internet, what actions should the network administrators take to mitigate the root cause problem(s)?

Provide a Short Answer. (See Submission Instructions 2.6)
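The following is an added illustration, not part of the VAST 2012 answer-sheet template or of any team's submission, of the log aggregation that answers to MC 2.1 and MC 2.2 typically rest on before any visualization is drawn: parse firewall lines, count denied connections per hour, compare day-over-day totals to name the trend, and rank source hosts both by deny volume and by how many distinct targets they touched (a host sweeping many destinations on one port is a different event from a host hammering a single one). The five-field line layout, the sample lines and the "Deny"/"Built" action names are constructed for this example; they do not reproduce the challenge data or its real column order, so the parser would need to be adapted to the actual export.

```python
"""Hourly deny counts, day-over-day trend and source ranking over firewall-style log lines."""
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample, NOT the VAST 2012 challenge data. The layout
# "timestamp,action,src_ip,dst_ip,dst_port" is an assumption for this example;
# a real firewall export carries more columns in a different order. The last
# line is deliberately malformed to show that the parser skips it.
SAMPLE_LOG = """\
2012-04-05 17:51:26,Built,192.168.1.10,10.0.0.5,80
2012-04-05 17:52:03,Deny,192.168.1.10,10.0.0.5,23
2012-04-05 18:10:44,Built,192.168.1.11,10.0.0.6,443
2012-04-05 18:30:12,Deny,192.168.1.12,10.0.0.5,23
2012-04-05 19:02:55,Deny,192.168.1.12,10.0.0.7,23
2012-04-06 09:15:31,Deny,192.168.1.12,10.0.0.5,23
2012-04-06 09:16:02,Deny,192.168.1.12,10.0.0.6,23
2012-04-06 09:16:40,Deny,192.168.1.12,10.0.0.7,23
2012-04-06 10:01:09,Deny,192.168.1.13,10.0.0.5,23
2012-04-06 10:01:10,Deny,192.168.1.13,10.0.0.6,23
2012-04-06 10:01:11,Built,192.168.1.10,10.0.0.5,80
2012-04-06 10:01:12,Deny,192.168.1.12,10.0.0.8,23
malformed line that should be skipped
"""


def parse_line(line):
    """Return a record dict for one well-formed line, or None for anything else."""
    parts = line.strip().split(",")
    if len(parts) != 5:
        return None
    ts, action, src, dst, port = parts
    try:
        return {
            "when": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
            "action": action,
            "src": src,
            "dst": dst,
            "port": int(port),
        }
    except ValueError:  # bad timestamp or non-numeric port
        return None


def parse_log(text):
    """Parse every line, silently dropping the ones parse_line rejects."""
    return [r for r in (parse_line(l) for l in text.splitlines()) if r is not None]


def hourly_counts(records, action="Deny"):
    """Number of records with the given action per 'YYYY-MM-DD HH' bucket, in time order."""
    counts = Counter(r["when"].strftime("%Y-%m-%d %H") for r in records if r["action"] == action)
    return dict(sorted(counts.items()))


def daily_trend(hourly):
    """Roll hourly buckets up to days and compare first and last day: 'rising', 'falling' or 'flat'."""
    per_day = Counter()
    for hour, n in hourly.items():
        per_day[hour[:10]] += n
    days = sorted(per_day)
    if len(days) < 2:
        return "flat"
    first, last = per_day[days[0]], per_day[days[-1]]
    if last > first:
        return "rising"
    if last < first:
        return "falling"
    return "flat"


def top_sources(records, action="Deny", n=3):
    """Source hosts ranked by how many records with the given action they produced."""
    return Counter(r["src"] for r in records if r["action"] == action).most_common(n)


def fanout(records, action="Deny"):
    """Distinct (destination, port) pairs per source: separates a sweep from repeated hits on one target."""
    targets = defaultdict(set)
    for r in records:
        if r["action"] == action:
            targets[r["src"]].add((r["dst"], r["port"]))
    return {src: len(pairs) for src, pairs in sorted(targets.items())}


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    hourly = hourly_counts(recs)
    for bucket, n in hourly.items():
        print(f"{bucket}:00  denies={n}")
    print("trend:", daily_trend(hourly))
    print("top sources:", top_sources(recs))
    print("fan-out:", fanout(recs))
```

The hourly dictionary is what a bar or line chart of MC 2.2 would plot; the fan-out map is the quickest way to separate a single noisy host from one that is probing across the network, which is the kind of distinction an MC 2.1 event description has to make explicit.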