EVSec: An Approach to Extract and Visualize Security Scenarios from System Logs

Jameleddine Hassine*

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review


Logs, a.k.a. execution traces, provide a glimpse into the functionalities of running systems that have poor, incomplete, or outdated documentation. Logs contain a rich amount of information that can be used to facilitate troubleshooting/debugging, track events, detect security breaches, maintain regulatory requirements, and profile user behavior and workload. Driven by the growing complexity of today's software platforms, reverse engineering of high-level models from system logs has gained momentum in recent years. In this paper, we introduce EVSec, an approach to extract and visualize security scenarios from system logs. The collected logs are first merged, filtered, labeled, and segmented into execution phases. The resulting phases are then visualized using the ITU-T standard, Use Case Maps (UCM) notation, extended with security annotations. We show the applicability of our proposed EVSec approach using two real-world security features, namely, Cisco IOS Login block and Cisco Unicast Reverse Path Forwarding (uRPF).

Original languageEnglish
Title of host publicationProceedings of the ACM International Conference on Evaluation and Assessment in Software Engineering, EASE 2022
PublisherAssociation for Computing Machinery
Number of pages7
ISBN (Electronic)9781450396134
StatePublished - 13 Jun 2022

Publication series

NameACM International Conference Proceeding Series

Bibliographical note

Publisher Copyright:
© 2022 ACM.


  • Cisco security features
  • Logs
  • Use Case Maps (UCM)
  • extraction
  • filtering
  • security scenarios
  • visualization

ASJC Scopus subject areas

  • Software
  • Human-Computer Interaction
  • Computer Vision and Pattern Recognition
  • Computer Networks and Communications


Dive into the research topics of 'EVSec: An Approach to Extract and Visualize Security Scenarios from System Logs'. Together they form a unique fingerprint.

Cite this