Finding anomalies in time-series using visual correlation for interactive root cause analysis

Stoffel, Florian; Fischer, Fabian; Keim, Daniel A.

doi:10.1145/2517957.2517966

Cited by 18 publications

(10 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We shed light on single techniques that are most closely related. Stoffel et al present a client‐server visual analytics systems for anomaly detection in computer networks [SFK13]. Its main views show a collection of vertically oriented line charts that are compared with a reference model of the data.…”

Section: Related Workmentioning

confidence: 99%

Visual Analysis of Time‐Series Similarities for Anomaly Detection in Sensor Networks

Steiger

Bernard

Mittelstädt

et al. 2014

Computer Graphics Forum

View full text Add to dashboard Cite

show abstract

Section: Related Workmentioning

confidence: 99%

Visual Analysis of Time‐Series Similarities for Anomaly Detection in Sensor Networks

Steiger

Bernard

Mittelstädt

et al. 2014

Computer Graphics Forum

View full text Add to dashboard Cite

show abstract

“…Results from different anomaly detection approaches have been visualized in different ways. Stoffel et al provide a visualization combining multiple data sources that monitor a computer network [27]. Their visualization relies on well-known time series visualizations.…”

Section: Anomaly Detection In Time Seriesmentioning

confidence: 99%

Security in Process: Visually Supported Triage Analysis in Industrial Process Data

Lohfink

Antón

Schotten

et al. 2020

IEEE Trans. Visual. Comput. Graphics

View full text Add to dashboard Cite

Fig. 1. Overview of our visualization system: To support triage analysis in OT-networks, our visualization combines sensor readings with results from an anomaly detection algorithm. Spiral plots encode readings and detection results in color and line thickness respectively. An overview of the complete time frame is provided in a time slider and anomalies are highlighted.Abstract-Operation technology networks, i.e. hard-and software used for monitoring and controlling physical/industrial processes, have been considered immune to cyber attacks for a long time. A recent increase of attacks in these networks proves this assumption wrong. Several technical constraints lead to approaches to detect attacks on industrial processes using available sensor data. This setting differs fundamentally from anomaly detection in IT-network traffic and requires new visualization approaches adapted to the common periodical behavior in OT-network data. We present a tailored visualization system that utilizes inherent features of measurements from industrial processes to full capacity to provide insight into the data and support triage analysis by laymen and experts. The novel combination of spiral plots with results from anomaly detection was implemented in an interactive system. The capabilities of our system are demonstrated using sensor and actuator data from a real-world water treatment process with introduced attacks. Exemplary analysis strategies are presented. Finally, we evaluate effectiveness and usability of our system and perform an expert evaluation.

show abstract

“…Since the analyst can specify queries, this means the problem space is not confined, however it does rely on the creation of well-defined queries by the analyst to identify insider threat behaviour. Stoffel et al [23] propose a visual analytics application for identifying correlations between different networked devices, based on time-series anomaly detection and similarity models. They focus primarily at the network traffic level, and so they do not currently consider other attributes related to insider threat such as file storage systems and USB connected devices.…”

Section: Related Workmentioning

confidence: 99%

Visualizing the insider threat: challenges and tools for identifying malicious user activity

Legg

2015

2015 IEEE Symposium on Visualization for Cyber Security (VizSec)

View full text Add to dashboard Cite

Finding anomalies in time-series using visual correlation for interactive root cause analysis

Cited by 18 publications

References 17 publications

Visual Analysis of Time‐Series Similarities for Anomaly Detection in Sensor Networks

Visual Analysis of Time‐Series Similarities for Anomaly Detection in Sensor Networks

Security in Process: Visually Supported Triage Analysis in Industrial Process Data

Visualizing the insider threat: challenges and tools for identifying malicious user activity

Contact Info

Product

Resources

About