Visual support for analyzing network traffic and intrusion detection events using TreeMap and graph representations

Mansmann, Florian; Fischer, Fabian; Keim, Daniel A.; North, Stephen C.

doi:10.1145/1641587.1641590

Cited by 42 publications

(26 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…As in this study, the tool uses automated processes to direct users' attention, and the authors observe that automation failures inhibit users' understanding. In another system targeted at network diagnosis, Mansmann et al observe that automated tools alone are limited in utility without effective presentation of results [26]. Like many other network monitoring efforts, however, the proposed solution primarily focuses on improving display of the underlying data rather than the output of an automated tool.…”

Section: Visualization For System Diagnosismentioning

confidence: 99%

“…Though complete automation would be ideal, the complexity of modern systems and the problems that arise in them ensure that this human-in-the-loop model will be dominant for the foreseeable future. As such, many researchers recognize the need for localization tools to present their results as clearly as possible [26,29]. But apart from from a few select instances [23,26], little research has been conducted on how to do so.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Visualizing Request-Flow Comparison to Aid Performance Diagnosis in Distributed Systems

Sambasivan

Shafer

Mazurek

et al. 2013

IEEE Trans. Visual. Comput. Graphics

View full text Add to dashboard Cite

Distributed systems are complex to develop and administer, and performance problem diagnosis is particularly challenging. When performance decreases, the problem might be in any of the system's many components or could be a result of poor interactions among them. Recent research has provided the ability to automatically identify a small set of most likely problem locations, leaving the diagnoser with the task of exploring just that set. This paper describes and evaluates three approaches for visualizing the results of a proven technique called "request-flow comparison" for identifying likely causes of performance decreases in a distributed system. Our user study provides a number of insights useful in guiding visualization tool design for distributed system diagnosis. For example, we find that both an overlay-based approach (e.g., diff) and a side-by-side approach are effective, with tradeoffs for different users (e.g., expert vs. not) and different problem types. We also find that an animation-based approach is confusing and difficult to use. Keywords: distributed systems, performance diagnosis, request-flow comparison, user study, visualization

show abstract

Section: Visualization For System Diagnosismentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Visualizing Request-Flow Comparison to Aid Performance Diagnosis in Distributed Systems

Sambasivan

Shafer

Mazurek

et al. 2013

IEEE Trans. Visual. Comput. Graphics

View full text Add to dashboard Cite

show abstract

“…However, such layouts are highly application dependent. Additional work has been done in attempts to understand flow across a network by comparing graph-based flow visualization with TreeMaps for local network monitoring [19]. Here too, both the problem space and necessary analysis techniques are highly application dependent.…”

Section: Visualizations Of Network Trafficmentioning

confidence: 99%

Visualizing Network Traffic to Understand the Performance of Massively Parallel Simulations

Landge

Levine

Bhatelé

et al. 2012

IEEE Trans. Visual. Comput. Graphics

View full text Add to dashboard Cite

Fig. 1. Network traffic resulting from two different runs of the parallel simulation pF3D. This simulation models laser plasma interaction inside of a hohlraum chamber by decomposing the domain into a set of blocks (left). Depending on how data blocks are mapped to processor cores (middle), different communication patterns occur. When staggering data placement (bottom right) we observe significantly more balanced communication compared to a default mapping similar to how the domain is decomposed (top right).Abstract-The performance of massively parallel applications is often heavily impacted by the cost of communication among compute nodes. However, determining how to best use the network is a formidable task, made challenging by the ever increasing size and complexity of modern supercomputers. This paper applies visualization techniques to aid parallel application developers in understanding the network activity by enabling a detailed exploration of the flow of packets through the hardware interconnect. In order to visualize this large and complex data, we employ two linked views of the hardware network. The first is a 2D view, that represents the network structure as one of several simplified planar projections. This view is designed to allow a user to easily identify trends and patterns in the network traffic. The second is a 3D view that augments the 2D view by preserving the physical network topology and providing a context that is familiar to the application developers. Using the massively parallel multi-physics code pF3D as a case study, we demonstrate that our tool provides valuable insight that we use to explain and optimize pF3D's performance on an IBM Blue Gene/P system.

show abstract

“…By dividing the display area into a nested sequence of rectangles whose areas are associated to attributes of the data set, it effectively illustrates the structural information with slices and dices. TreeMaps have been applied to a wide variety of domains ranging from financial analysis [23], petroleum engineering [24] to network security analysis [25]. Some studies have focused on specialized techniques to visualize large number items on a TreeMap without aggregation [26].…”

Section: Treemapsmentioning

confidence: 99%

QuizMap: Open Social Student Modeling and Adaptive Navigation Support with TreeMaps

Brusilovsky

Hsiao

Folajimi

2011

Towards Ubiquitous Learning

View full text Add to dashboard Cite

Abstract. In this paper, we present a novel approach to integrate social adaptive navigation support for self-assessment questions with an open student model using QuizMap, a TreeMap-based interface. By exposing student model in contrast to student peers and the whole class, QuizMap attempted to provided social guidance and increase student performance. The paper explains the nature of the QuizMap approach and its implementation in the context of selfassessment questions for Java programming. It also presents the design of a semester-long classroom study that we ran to evaluate QuizMap and report the evaluation results.

show abstract

Visual support for analyzing network traffic and intrusion detection events using TreeMap and graph representations

Cited by 42 publications

References 18 publications

Visualizing Request-Flow Comparison to Aid Performance Diagnosis in Distributed Systems

Visualizing Request-Flow Comparison to Aid Performance Diagnosis in Distributed Systems

Visualizing Network Traffic to Understand the Performance of Massively Parallel Simulations

QuizMap: Open Social Student Modeling and Adaptive Navigation Support with TreeMaps

Contact Info

Product

Resources

About