Interactive Analysis of Computer Scenarios through Parallel Coordinates Graphics

  • Conference paper
Computational Science and Its Applications – ICCSA 2012 (ICCSA 2012)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 7336)

Abstract

A security analyst plays a key role in tackling unusual incidents, an exhausting task to do properly, since a single service can generate a massive amount of log data in a single day. The analysis of such data is a challenge. Among the available techniques, parallel coordinates have been widely used to visualize high-dimensional datasets and are also well suited to plotting graphs with a huge number of data points. Unusual conditions and rare events may be revealed in a parallel coordinates graph when it is visualized interactively, which is a useful feature for the analyst to count on. To that end, we developed the Picviz-GUI tool, which adds interactivity to the visualization of parallel coordinates graphs. With Picviz-GUI one can shape a graph to reduce visual clutter and to help find patterns. With a set of simple actions, such as filtering, changing line thickness and color, and making selections, the user can highlight the desired information and search through the variables for subtle data correlations. Picviz-GUI visualization helps the security analyst understand complex and innovative attacks, in order to later tune automated classification systems. This article shows how features built on top of parallel coordinates graphs can be effective in uncovering complex security issues.

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Cavalcante, G.D., Tricaud, S., Souza, C.P., de Geus, P.L. (2012). Interactive Analysis of Computer Scenarios through Parallel Coordinates Graphics. In: Murgante, B., et al. Computational Science and Its Applications – ICCSA 2012. ICCSA 2012. Lecture Notes in Computer Science, vol 7336. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-31128-4_23

  • DOI: https://doi.org/10.1007/978-3-642-31128-4_23

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-31127-7

  • Online ISBN: 978-3-642-31128-4

  • eBook Packages: Computer Science (R0)
