Multi-aspect visual analytics on large-scale high-dimensional cyber security data

Chen, Yingjie Victor; Razip, Ahmad M; Ko, Sungahn; Qian, Cheryl Z.; Ebert, David S.

doi:10.1177/1473871613488573

Cited by 13 publications

(7 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It is difficult to have a joint integral modeling approach. We have observed such sequential analysis processes in our own practice [22] while solving the VAST 2012 challenge MC2 [17], and in other winning entries [23,24] when they tried to solve the VAST 2013 challenge MC3 [25]. Many times when looking for issues, the user first examined the temporal aspect by looking at the time series curves to find out the anomalies (e.g., huge peak in the curve), then checked out other detailed visualizations to allocate the affecting hosts (IP addresses).…”

Section: Analysis Process For Spatiotemporal Cybersecurity Data Setsmentioning

confidence: 99%

See 1 more Smart Citation

Fluency of visualizations: linking spatiotemporal visualizations to improve cybersecurity visual analytics

Qian

Chen

2014

Secur Inform

View full text Add to dashboard Cite

This paper adopts the metaphor of representational fluency and proposes an auto linking approach to help analysts investigate details of suspicious sections across different cybersecurity visualizations. Analysis of spatiotemporal network security data takes place both conditionally and in sequence. Many visual analytics systems use time series curves to visualize the data from the temporal perspective and maps to show the spatial information. To identify anomalies, the analysts frequently shift across different visualizations and the original data view. We consider them as various representations of the same data and aim to enhance the fluency of navigation across these representations. With the auto linking mechanism, after the analyst selects a segment of a curve, the system can automatically highlight the related area on the map for further investigation, and the selections on the map or the data views can also trigger the related time series curves. This approach adopts the slicing operation of the Online Analytical Process (OLAP) to find the basic granularities that contribute to the overall value change. We implemented this approach in an award-winning visual analytics system, SemanticPrism, and demonstrate the functions through two use cases.

show abstract

Section: Analysis Process For Spatiotemporal Cybersecurity Data Setsmentioning

confidence: 99%

“…SemanticPrism provides a semantic zooming mechanism to change the details of display while the user is zooming in [22]. Offices on the map can change into 4 levels of details, depending on the available on-screen space.…”

Section: From Spatial Visualization To Time Series Curvesmentioning

confidence: 99%

Fluency of visualizations: linking spatiotemporal visualizations to improve cybersecurity visual analytics

Qian

Chen

2014

Secur Inform

View full text Add to dashboard Cite

show abstract

“…This is a typical spatiotemporal problem. To demonstrate the distribution of changes over time, one solution is to automatically (or manually) animate a sequence of visualizations in order, as the SemanticPrism system does [4]. However, the user can experience cognitive overload if they are required to compare earlier and current scenes, especially if they also need to identify multiple differences among scenes.…”

Section: Introductionmentioning

confidence: 99%

Phoenixmap: An Abstract Approach to Visualize 2D Spatial Distributions

Zhao

Liu

Guo

et al. 2021

IEEE Trans. Visual. Comput. Graphics

View full text Add to dashboard Cite

The multidimensional nature of spatial data poses a challenge for visualization. In this paper, we introduce Phoenixmap, a simple abstract visualization method to address the issue of visualizing multiple spatial distributions at once. The Phoenixmap approach starts by identifying the enclosed outline of the point collection, then assigns different widths to outline segments according to the segments' corresponding inside regions. Thus, one 2D distribution is represented as an outline with varied thicknesses. Phoenixmap is capable of overlaying multiple outlines and comparing them across categories of objects in a 2D space. We chose heatmap as a benchmark spatial visualization method and conducted user studies to compare performances among Phoenixmap, heatmap, and dot distribution map. Based on the analysis and participant feedback, we demonstrate that Phoenixmap 1) allows users to perceive and compare spatial distribution data efficiently; 2) frees up graphics space with a concise form that can provide visualization design possibilities like overlapping; and 3) provides a good quantitative perceptual estimating capability given the proper legends. Finally, we discuss several possible applications of Phoenixmap and present one visualization of multiple species of birds' active regions in a nature preserve.

show abstract

“…Some examples from the academic literature from the first decade of the 2000s are Wang, 17 Boyack et al, 18 Buzydlovky et al, 19 Skupin, 20 Wang et al, 21 Van Ham and Van Wijk, 22 Perer and Shneiderman, 23 Henry and Fekete, 24 Leydesdorff, 25 Burns and Skupin, 26 Zhu et al, 27 Boyack et al, 2 Lieberman et al, 28 and Dörk et al 29 For a mid-decennium overview, we refer to Börner. 30 Some more recent applications are Skupin et al, 31 Burns and Skupin, 32 Chen et al, 33 Liu et al, 34 and Wang et al 21 Another 80-plus recent examples, mostly from non-academic sources, can be found in Lima’s 35 compendium on Visual Complexity .…”

Section: Introduction: Does the Map Metaphor Fulfill Its Promise?mentioning

confidence: 99%

Map- or list-based recommender agents? Does the map metaphor fulfill its promise?

Reitsma

Hsieh

Diekema

et al. 2016

Information Visualization

View full text Add to dashboard Cite

We present a spatialization of digital library content based on item similarity and an experiment which compares the performance of this spatialization relative to a simple list-based display. Items in the library are elementary school, middle school, and high school science and engineering learning resources. Spatialization and visualization are accomplished through two-dimensional interactive Sammon mapping of pairwise item similarities computed from the joint occurrence of word bigrams. The 65 science teachers participating in the experiment were asked to search the library for curricular items they would consider using as part of one or more teaching assignments. The results indicate that whereas the spatializations adequately capture the salient features of the library’s content and teachers actively use them, item retrieval rates, task-completion time, and perceived utility do not significantly differ from the semantically poorer but easier to comprehend and navigate list-based representations. These results put into question the usefulness of the rapidly increasing supply of information spatializations.

show abstract

Multi-aspect visual analytics on large-scale high-dimensional cyber security data

Cited by 13 publications

References 29 publications

Fluency of visualizations: linking spatiotemporal visualizations to improve cybersecurity visual analytics

Fluency of visualizations: linking spatiotemporal visualizations to improve cybersecurity visual analytics

Phoenixmap: An Abstract Approach to Visualize 2D Spatial Distributions

Map- or list-based recommender agents? Does the map metaphor fulfill its promise?

Contact Info

Product

Resources

About