VAFLE: visual analytics of firewall log events

Ghoniem, Mohammad; Shurkhovetskyy, Georgiy; Bahey, Ahmed; Otjacques, Benoît

doi:10.1117/12.2037790

Cited by 13 publications

(13 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…When there is a large number of time series sharing the same variable (univariate time series) or the same combination of variables (multivariate time series), clustering may be applied to reduce the number of time series by grouping similar series and taking a representative time series from each group. K‐means [Gho+14] and spectral clustering [NJW02] methods have been utilized for this purpose and resulted in much simpler representations although the choice of appropriate parameter settings may be difficult.…”

Section: Methods Classificationmentioning

confidence: 99%

Data Abstraction for Visualizing Large Time Series

Shurkhovetskyy

Andrienko

Fuchs

2017

Computer Graphics Forum

View full text Add to dashboard Cite

Numeric time series is a class of data consisting of chronologically ordered observations represented by numeric values. Much of the data in various domains, such as financial, medical and scientific, are represented in the form of time series. To cope with the increasing sizes of datasets, numerous approaches for abstracting large temporal data are developed in the area of data mining. Many of them proved to be useful for time series visualization. However, despite the existence of numerous surveys on time series mining and visualization, there is no comprehensive classification of the existing methods based on the needs of visualization designers. We propose a classification framework that defines essential criteria for selecting an abstraction method with an eye to subsequent visualization and support of users' analysis tasks. We show that approaches developed in the data mining field are capable of creating representations that are useful for visualizing time series data. We evaluate these methods in terms of the defined criteria and provide a summary table that can be easily used for selecting suitable abstraction methods depending on data properties, desirable form of representation, behaviour features to be studied, required accuracy and level of detail, and the necessity of efficient search and querying. We also indicate directions for possible extension of the proposed classification framework.

show abstract

Section: Methods Classificationmentioning

confidence: 99%

Data Abstraction for Visualizing Large Time Series

Shurkhovetskyy

Andrienko

Fuchs

2017

Computer Graphics Forum

View full text Add to dashboard Cite

show abstract

“…Later advances increased the amount and complexity of log data that could be visualized. Work in network security visualization, such as VAFLE [10], focus on analyzing raw packet captures, IDS alerts, firewall logs, etc. Our work is closer to another thread of work that analyzes logs to learn about user behavior.…”

Section: Visual Log Analysismentioning

confidence: 99%

Using visualizations to monitor changes and harvest insights from a global-scale logging infrastructure at Twitter

Wongsuphasawat

Lin

2014

2014 IEEE Conference on Visual Analytics Science and Technology (VAST)

View full text Add to dashboard Cite

Fig. 1. Scribe Radar (Icicle View) -This interactive visualization displays a collection of log events from a hypothetical product that operates on three platforms: strawberry, coconut, and banana. Log events follow a six-level naming hierarchy (client:page:section:component:element:action). Here, we see that the event strawberry:search:personal:-:-:impression increased in frequency compared to seven days ago, indicated by a light blue rectangle, while a light red rectangle shows that the event strawberry:inbox:inbox:conversation:-:impression dropped slightly.Abstract-Logging user activities is essential to data analysis for internet products and services. Twitter has built a unified logging infrastructure that captures user activities across all clients it owns, making it one of the largest datasets in the organization. This paper describes challenges and opportunities in applying information visualization to log analysis at this massive scale, and shows how various visualization techniques can be adapted to help data scientists extract insights. In particular, we focus on two scenarios: (1) monitoring and exploring a large collection of log events, and (2) performing visual funnel analysis on log data with tens of thousands of event types. Two interactive visualizations were developed for these purposes: we discuss design choices and the implementation of these systems, along with case studies of how they are being used in day-to-day operations at Twitter.

show abstract

“…The same strategy was presented by Temporal Trends [4] and Heatmap Grids [9], but now it is applied in a different context. In the TAM layout, the node degree at each time stamp is computed for all nodes at all times and the highest degree is taken as the maximum value of the activity range, that is used to map the color of nodes.…”

Section: Temporal Activity Mapmentioning

confidence: 99%

“…Other methods to enhance visual pattern detection in dynamic networks include employing 'piling' metaphors [3], adjacency lists, or representing network snapshots as high-dimensional points that are projected in two dimensions [20]. There are also strategies as Temporal Trends [4] and Heatmap Grids [9] that are used to perform visual analytics of firewall log events and dense networks in astronomy and neurology, respectively.…”

Section: Related Workmentioning

confidence: 99%

“…We demonstrate the applicability of our tool to enhance the exploratory network analysis using two case studies that reflect specific scenarios of contact networks between humans. The main contributions are: (i) a new node reordering method, called recurrent neighbors, that has been applied to all case studies of this work; (ii) Temporal Activity Map (TAM) method, previously used in other contexts, as for example visualization of firewall log [9], here applied to reveal node activity; (iii) the analysis of two dynamic networks in different contexts and identification of patterns not observed in previous studies; (iv) to provide a computational system, that intuitively integrates several methods that help domain experts to visualize temporal patterns on networks.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

DyNetVis

Linhares

Travençolo

Paiva

et al. 2017

Proceedings of the Symposium on Applied Computing

View full text Add to dashboard Cite

The concept of networks has been important in the study of complex systems. In networks, links connect pairs of nodes forming complex structures. Studies have shown that networks not only contain structure but may also evolve in time. The addition of the temporal dimension adds complexity on the analysis and requests the development of innovative methods for the visualization of real-life networks. In this paper we introduce the Dynamic Network Visualization System (DyNetVis), a software tool for visualization of dynamic networks. The system provides several tools for user interaction and offers two coordinated visual layouts, named structural and temporal. Structural refers to standard network drawing techniques, in which a single snapshot of nodes and links are placed in a plane, whereas the temporal layout allows for simultaneously visualization of several temporal snapshots of the dynamic network. In addition, we also investigate two approaches for temporal layout visualization: (i) Recurrent Neighbors, a node ordering strategy that highlights frequent connections in time, and (ii) Temporal Activity Map (TAM), a layout technique with focus on nodes activity. We illustrate the applicability of the layouts and interaction functionalities provided by the system in two visual analysis case studies, demonstrating their advantages to improve the overall user experience on visualization and exploratory data analysis on dynamic networks.

show abstract

VAFLE: visual analytics of firewall log events

Cited by 13 publications

References 19 publications

Data Abstraction for Visualizing Large Time Series

Data Abstraction for Visualizing Large Time Series

Using visualizations to monitor changes and harvest insights from a global-scale logging infrastructure at Twitter

DyNetVis

Contact Info

Product

Resources

About