BW-Fit information at your fingertips Interaktive Visualisierung für Gigapixel Displays

Visualisierung von Netzwerk-Zeitreihendaten

Ziel des Projekts "Visualisierung von Netzwerk-Zeitreihendaten" ist die Entwicklung und Implementierung von innovativen Visualisierungstechniken für Netzwerk-Zeitreihendaten, welche die Möglichkeiten heutiger hochauflösender Displays und Projektionswände nutzen, um sehr große Datenmengen geeignet darzustellen und eine explorative visuelle Analyse zu ermöglichen. Die besonderen Herausforderungen liegen dabei in den extrem großen Mengen und dem hohen Detaillierungsgrad von Netzwerk-Zeitreihendaten, welche beim Betrieb der Netzwerke anfallen (z.B. Lastprofile, Port-Informationen, IP-Paketinformationen, etc.). Innovative Datenlayouts sollen den verfügbaren "Screenspace" optimal ausnutzen und werden sowohl mit speziell angepassten automatischen Datenanalyseverfahren als auch mit neuartigen Interaktionstechniken kombiniert, um die eine fokussierte dynamische Verarbeitung sehr großer Datenmengen zu ermöglichen.

zur Projektseite »

Prototype 1: Radial Traffic Analyzer

We consider the problem of visually analyzing important characteristics among the communication flows between hosts on the Internet. The communication data occurring is inherently complex as we have to deal with (a) large amounts of data (b) occurring in real-time, and which (c) potentially also contain complex interrelationships between the communication connections, which may furthermore (d) be varying in time.

We build hierarchic radial layouts visualizing the distribution of a given communication volume along the main four packet-based attributes. The basic idea of this approach is to provide a radial hierarchical layout, to visually represent the frequent patterns in a high level view, and to allow the user to get details on demand by providing drill down and selection capabilities. Combining the radial layouts with an appropriate colormap, the user gets a compact informative summary of inbound and outbound packets with respect to a given host on a network.

Daniel A. Keim, Florian Mansmann, Jörn Schneidewind, Tobias Schreck: Monitoring Network Traffic with Radial Traffic Analyzer, Proc. of IEEE Symposium on Visual Analytics Science and Technology 2006 (VAST 2006), 2006.

Prototype 2: Hierarchical Network Map

The main focus of this study is to propose interactive Hierarchical Network Maps (HNMaps) that support a mental model of global Internet measurements. HNMaps are applied to depict a hierarchy of 7 continents, 190 countries, 23054 autonomous systems and 197427 IP prefixes. We adopt the Treemap approach: each node in the hierarchy is drawn as a box placed inside its parent. Node sizes are proportional to the number of items contained. Popup and fixed text labels are used to identify nodes. An adjustable color scale also encodes an attribute under inspection.

Florian Mansmann, Fabian Fischer, Daniel A. Keim, Stephen C. North: Visualizing large-scale IP traffic flows, Proceedings of 12th International Workshop Vision, Modeling, and Visualization, 2007, Saarbrücken, Germany.

Florian Mansmann, Daniel A. Keim, Stephen C. North, Brian Rexroad, Daniel Sheleheda: Visual Analysis of Network Traffic for Resource Planning, Interactive Monitoring, and Interpretation of Security Threats, IEEE Transactions on Visualization and Computer Graphics (Proceedings Visualization / Information Visualization 2007), Vol. 13, No. 6, Ieee Press, 2007.

Florian Mansmann, Svetlana Vinnik: Interactive Exploration of Data Traffic with Hierarchical Network Maps, IEEE Transactions on Visualization and Computer Graphics (TVCG), 2006.

Prototype 3: Behavior Graph

We present a visual analytics tool that visualizes network host behavior through positional changes in a two dimensional space using a force-directed graph layout algorithm. The tool’s interaction capabilities allow for visual exploration of network trafﬁc over time and are demonstrated using netﬂow data as well as IDS alerts. Automatic accentuation of hosts with highly variable trafﬁc results in fast hypothesis generation and conﬁrmation of suspicious host behavior.

Florian Mansmann, Lorenz Meier, Daniel A. Keim: Visualization of Host Behavior for Network Security, VizSec 2007 - Workshop on Visualization for Computer Security, Springer, 2008.

Prototype 4: NFlowVis

We propose a novel analysis system called NFlowVis with the goal of enabling quick visual insights into communication patterns. The system is capable of storing NetFlow data of large systems, linking these ﬂows to alerts from intrusion detection systems or public warnings, and to visualize ﬂows be- tween external and internal hosts. Using a TreeMap visualization, we depict the local network infrastructure emphasizing high traﬃc subnets. On top of this visu- alization, Splines in selected colors are utilized to connect the external host with the local communication partners, thereby revealing insight into communication patterns of malicious and legitimate network traﬃc.

Florian Mansmann, Fabian Fischer, Daniel A. Keim, Stephan Pietzko, Marcel Waldvogel: Interactive Analysis of NetFlows for Misuse Detection in Large IP Networks, 2009, 2. Dfn Forum Kommunikationstechnologien - Verteilte Systeme Im Wissenschaftsbereich.

Fabian Fischer, Florian Mansmann, Daniel A. Keim, Stephan Pietzko, Marcel Waldvogel: Large-scale Network Monitoring for Visual Analysis of Attacks, VizSec 2008 - Workshop on Visualization for Computer Security, Springer, 2008.