Plentiful, complex, and dynamic data make understanding the state of an enterprise network difficult. Although visualization can help analysts understand baseline behaviors in network traffic and identify off-normal events, visual analysis systems often do not scale well to operational data volumes (in the hundreds of millions to billions of transactions per day) or to analysis of emergent trends in real-time data. We present a system that combines multiple, complementary visualization techniques coupled with in-stream analytics, behavioral modeling of network actors, and a high-throughput processing platform called MeDICi. This system provides situational understanding of real-time network activity to help analysts take proactive response steps. We have developed these techniques using requirements gathered from the government users for whom the tools are being developed. By linking multiple visualization tools to a streaming analytic pipeline, and designing each tool to support a particular kind of analysis (from high-level awareness to detailed investigation), analysts can understand the behavior of a network across multiple levels of abstraction.