BW-Fit information at your fingertips Interactive Visualization for GigaPixel Displays

Visualization of network time series

Goal of the project "Visualization of network time series" is the development and imlementation of innovative visualization techniques for network time series, which take advantage of high resolution displays and display walls to present very large data sets in an appropriate way. Thereby, these techniques should enable explorative visual analysis. The specific challenges are in the extremely large data sets and the high degree of details of network time series, which are recorded when monitoring networks (e.g, load profiles, port information, IP packet information, etc.).

to the project website (German) »

Prototype 1: Radial Traffic Analyzer

We consider the problem of visually analyzing important characteristics among the communication flows between hosts on the Internet. The communication data occurring is inherently complex as we have to deal with (a) large amounts of data (b) occurring in real-time, and which (c) potentially also contain complex interrelationships between the communication connections, which may furthermore (d) be varying in time.

We build hierarchic radial layouts visualizing the distribution of a given communication volume along the main four packet-based attributes. The basic idea of this approach is to provide a radial hierarchical layout, to visually represent the frequent patterns in a high level view, and to allow the user to get details on demand by providing drill down and selection capabilities. Combining the radial layouts with an appropriate colormap, the user gets a compact informative summary of inbound and outbound packets with respect to a given host on a network.

Daniel A. Keim, Florian Mansmann, Jörn Schneidewind, Tobias Schreck: Monitoring Network Traffic with Radial Traffic Analyzer, Proc. of IEEE Symposium on Visual Analytics Science and Technology 2006 (VAST 2006), 2006.

Prototype 2: Hierarchical Network Map

The main focus of this study is to propose interactive Hierarchical Network Maps (HNMaps) that support a mental model of global Internet measurements. HNMaps are applied to depict a hierarchy of 7 continents, 190 countries, 23054 autonomous systems and 197427 IP prefixes. We adopt the Treemap approach: each node in the hierarchy is drawn as a box placed inside its parent. Node sizes are proportional to the number of items contained. Popup and fixed text labels are used to identify nodes. An adjustable color scale also encodes an attribute under inspection.

Florian Mansmann, Fabian Fischer, Daniel A. Keim, Stephen C. North: Visualizing large-scale IP traffic flows, Proceedings of 12th International Workshop Vision, Modeling, and Visualization, 2007, Saarbrücken, Germany.

Florian Mansmann, Daniel A. Keim, Stephen C. North, Brian Rexroad, Daniel Sheleheda: Visual Analysis of Network Traffic for Resource Planning, Interactive Monitoring, and Interpretation of Security Threats, IEEE Transactions on Visualization and Computer Graphics (Proceedings Visualization / Information Visualization 2007), Vol. 13, No. 6, Ieee Press, 2007.

Florian Mansmann, Svetlana Vinnik: Interactive Exploration of Data Traffic with Hierarchical Network Maps, IEEE Transactions on Visualization and Computer Graphics (TVCG), 2006.

Prototype 3: Behavior Graph

We present a visual analytics tool that visualizes network host behavior through positional changes in a two dimensional space using a force-directed graph layout algorithm. The tool’s interaction capabilities allow for visual exploration of network trafﬁc over time and are demonstrated using netﬂow data as well as IDS alerts. Automatic accentuation of hosts with highly variable trafﬁc results in fast hypothesis generation and conﬁrmation of suspicious host behavior.

Florian Mansmann, Lorenz Meier, Daniel A. Keim: Visualization of Host Behavior for Network Security, VizSec 2007 - Workshop on Visualization for Computer Security, Springer, 2008.

Prototype 4: NFlowVis

We propose a novel analysis system called NFlowVis with the goal of enabling quick visual insights into communication patterns. The system is capable of storing NetFlow data of large systems, linking these ﬂows to alerts from intrusion detection systems or public warnings, and to visualize ﬂows be- tween external and internal hosts. Using a TreeMap visualization, we depict the local network infrastructure emphasizing high traﬃc subnets. On top of this visu- alization, Splines in selected colors are utilized to connect the external host with the local communication partners, thereby revealing insight into communication patterns of malicious and legitimate network traﬃc.

Florian Mansmann, Fabian Fischer, Daniel A. Keim, Stephan Pietzko, Marcel Waldvogel: Interactive Analysis of NetFlows for Misuse Detection in Large IP Networks, 2009, 2. Dfn Forum Kommunikationstechnologien - Verteilte Systeme Im Wissenschaftsbereich.

Fabian Fischer, Florian Mansmann, Daniel A. Keim, Stephan Pietzko, Marcel Waldvogel: Large-scale Network Monitoring for Visual Analysis of Attacks, VizSec 2008 - Workshop on Visualization for Computer Security, Springer, 2008.