Finding anomalies in time-series using visual correlation for interactive root cause analysis

Authors:
Florian Stoffel;Fabian Fischer;Daniel A. Keim
Affiliations:
University of Konstanz;University of Konstanz;University of Konstanz
Venue:
Proceedings of the Tenth Workshop on Visualization for Cyber Security
Year:
2013

Citing 13
Cited 0

The art of computer programming, volume 2 (3rd ed.): seminumerical algorithms

The art of computer programming, volume 2 (3rd ed.): seminumerical algorithms
Achieving higher magnification in context

Proceedings of the 17th annual ACM symposium on User interface software and technology
HOT SAX: Efficiently Finding the Most Unusual Time Series Subsequence

ICDM '05 Proceedings of the Fifth IEEE International Conference on Data Mining
Two-Tone Pseudo Coloring: Compact Visualization for One-Dimensional Data

INFOVIS '05 Proceedings of the Proceedings of the 2005 IEEE Symposium on Information Visualization
Line graph explorer: scalable display of line graphs using Focus+Context

Proceedings of the working conference on Advanced visual interfaces
LiveRAC: interactive visual exploration of system management time-series data

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Visual Analytics: Scope and Challenges

Visual Data Mining
Sizing the horizon: the effects of chart size and layering on the graphical perception of time series visualizations

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Real-time visualization of network behaviors for situational awareness

Proceedings of the Seventh International Symposium on Visualization for Cyber Security
Graphical Perception of Multiple Time Series

IEEE Transactions on Visualization and Computer Graphics
Visualization of Time-Oriented Data

Visualization of Time-Oriented Data
Exploratory Analysis of Time-Series with ChronoLenses

IEEE Transactions on Visualization and Computer Graphics
RainMon: an integrated approach to mining bursty timeseries monitoring data

Proceedings of the 18th ACM SIGKDD international conference on Knowledge discovery and data mining

Quantified Score

Hi-index	0.00

Visualization

Abstract

Monitoring computer networks often includes gathering vast amounts of time-series data from thousands of computer systems and network devices. Threshold alerting is easy to accomplish with state-of-the-art technologies. However, to find correlations and similar behaviors between the different devices is challenging. We developed a visual analytics application to tackle this challenge by integrating similarity models and analytics combined with well-known, but task-adapted, time-series visualizations. We show in a case study, how this system can be used to visually identify correlations and anomalies in large data sets and identify and investigate security-related events.