Wenbo Wang,Yuwei Li,Feng Wang,Xiaopei Liu,Youyi Zheng

DOI: https://doi.org/10.1109/iv.2018.00046

2018-01-01

Abstract:The exploration and analysis of data mining methodologies is an important task for effective knowledge discovery, especially in today's heterogeneous information networks. Previously presented approaches for mining optimization aim primarily at the improvements of time complexity, space complexity, accuracy, and robustness. We extend the state-of-the-art method by concentrating on user-availability and algorithm understandability. Specifically, we use Rankclus, a classic clustering algorithm as an example. After uncovering the unseen computing processes to be displayed in a visual form, the whole clustering processes are transparent to the users, which may help them more clearly and quickly understand how the algorithms are computed, how does each object influence one another. In addition, we use a density approach to intuitively simplify the discovery of data patterns, and through the visualized results, users can adjust algorithm parameters with or without professional training. Finally, we use another two visual techniques to improve the visualization quality: a heatmap matrix designed for checking the similarities of objects which are in the same cluster, and a DOItree implemented to further analyze the accuracy of the algorithms.

Nan Cao,Chaoguang Lin,Qiuhan Zhu,Yu-Ru Lin,Xian Teng,Xidao Wen

DOI: https://doi.org/10.1109/tvcg.2017.2744419

IF: 5.2

2018-01-01

IEEE Transactions on Visualization and Computer Graphics

Abstract:The increasing availability of spatiotemporal data continuously collected from various sources provides new opportunities for a timely understanding of the data in their spatial and temporal context. Finding abnormal patterns in such data poses significant challenges. Given that there is often no clear boundary between normal and abnormal patterns, existing solutions are limited in their capacity of identifying anomalies in large, dynamic and heterogeneous data, interpreting anomalies in their multifaceted, spatiotemporal context, and allowing users to provide feedback in the analysis loop. In this work, we introduce a unified visual interactive system and framework, Voila, for interactively detecting anomalies in spatiotemporal data collected from a streaming data source. The system is designed to meet two requirements in real-world applications, i.e., online monitoring and interactivity. We propose a novel tensor-based anomaly analysis algorithm with visualization and interaction design that dynamically produces contextualized, interpretable data summaries and allows for interactively ranking anomalous patterns based on user input. Using the “smart city” as an example scenario, we demonstrate the effectiveness of the proposed framework through quantitative evaluation and qualitative case studies.

Haishuai Wang,Peng Zhang,Ling Chen,Chengqi Zhang

DOI: https://doi.org/10.1007/978-3-319-19548-3_27

2015-01-01

Abstract:In this paper, we present our recent progress of designing a real-time system, SocialAnalysis, to discover and summarize emergent social events from social media data streams. In social networks era, people always frequently post messages or comments about their activities and opinions. Hence, there exist temporal correlations between the physical world and virtual social networks, which can help us to monitor and track social events, detecting and positioning anomalous events before their outbreakings, so as to provide early warning.The key technologies in the system include: (1) Data denoising methods based on multi-features, which screens out the query-related event data from massive background data. (2) Abnormal events detection methods based on statistical learning, which can detect anomalies by analyzing and mining a series of observations and statistics on the time axis. (3) Geographical position recognition, which is used to recognize regions where abnormal events may happen.

Kezhi Kong,Yuxin Ma,Chentao Ye,Junhua Lu,Xiqun Chen,Wei Zhang,Wei Chen

DOI: https://doi.org/10.2312/pg.20181281

2018-01-01

Abstract:Traffic flow prediction plays a significant role in Intelligent Transportation Systems (ITS). Due to the variety of prediction models, the prediction results form an intricate structure of ensembles and hence leave a challenge of understanding and evaluating the ensembles from different perspectives. In this paper, we propose a novel visual analytics approach for analyzing the predicted ensembles. Our approach models the uncertainty of different traffic flow prediction results. The variations of space, time, and network structures of those results are presented with the visualization designs. The visual interface provides a suite of interactions to enhance exploration of the ensembles. With the system, analysts can discover some intrinsic patterns in the ensemble. We use real-world urban traffic data to demonstrate the effectiveness of our system.

Xin Fan,Chenlu Li,Xiaoru Yuan,Xiaoju Dong,Jie Liang

DOI: https://doi.org/10.1007/s12650-019-00580-7

IF: 1.7

2019-01-01

Journal of Visualization

Abstract:Network anomaly detection is an important means for safeguarding network security. On account of the difficulties encountered in traditional automatic detection methods such as lack of labeled data, expensive retraining costs for new data and non-explanation, we propose a novel smart labeling method, which combines active learning and visual interaction, to detect network anomalies through the iterative labeling process of the users. The algorithms and the visual interfaces are tightly integrated. The network behavior patterns are first learned by using the self-organizing incremental neural network. Then, the model uses a Fuzzy c-means-based algorithm to do classification on the basis of user feedback. After that, the visual interfaces are updated to present the improved results of the model, which can help users to choose meaningful candidates, judge anomalies and understand the model results. The experiments show that compared to labeling without our visualizations, our method can achieve a high accuracy rate of anomaly detection with fewer labeled samples.

Li Zheng,Gang Yu,Yuntian Zheng

DOI: https://doi.org/10.1007/s11265-023-01836-0

2023-02-01

Journal of Signal Processing Systems

Abstract:Data visualization is an important approach for data analysis, which can reveal the patterns and characteristics of complex datasets through visual processing, and provide aid for data analysts. In recent years, with the expansion of Internet users and the rich diversity of various Internet applications, the importance of network security is increasing. In the field of network security data analysis, it is a developing direction to use data visualization methods and visual analysis tools to assist manual analysis. In this paper, a visualization system for network security data is designed and implemented, which is mainly based on network flow records and security policies. The node centrality measurement and high-dimensional data visualization methods are comprehensively applied, and an interactive visualization approach is proposed. The IP topology is presented in three different view modes: static analysis, temporal analysis and exploration analysis. In addition, the high-dimensional projection map takes flow, security policy and IP address as analysis objects and selects several dimensional features as indicators. After visual presentation, the distribution of the stream set and IP set contained in the record after projection in the selected dimension space can be obtained, so that the analyst can find the points with significant abnormal eigenvalue distribution, and deduce the possible situation based on this. After testing, the system can accept the new original data record file, and quickly generate the corresponding visualization content, which can be used for the visualization analysis of network security optimization tool software, and has been used in the actual system.

computer science, information systems,engineering, electrical & electronic

Han Dongming,Pan Jiacheng,Pan Rusheng,Zhou Dawei,Cao Nan,He Jingrui,Xu Mingliang,Chen Wei

DOI: https://doi.org/10.1007/s11704-020-0013-1

IF: 2.6688

2021-01-01

Frontiers of Computer Science

Abstract:Multivariate dynamic networks indicate networks whose topology structure and vertex attributes are evolving along time. They are common in multimedia applications. Anomaly detection is one of the essential tasks in analyzing these networks though it is not well addressed. In this paper, we combine a rare category detection method and visualization techniques to help users to identify and analyze anomalies in multivariate dynamic networks. We conclude features of rare categories and two types of anomalies of rare categories. Then we present a novel rare category detection method, called DIRAD, to detect rare category candidates with anomalies. We develop a prototype system called iNet, which integrates two major visualization components, including a glyph-based rare category identifier, which helps users to identify rare categories among detected substructures, a major view, which assists users to analyze and interpret the anomalies of rare categories in network topology and vertex attributes. Evaluations, including an algorithm performance evaluation, a case study, and a user study, are conducted to test the effectiveness of proposed methods.

Yang Shi,Yuyin Liu,Hanghang Tong,Jingrui He,Gang Yan,Nan Cao

DOI: https://doi.org/10.1109/tbdata.2020.2964169

2020-01-01

IEEE Transactions on Big Data

Abstract:With the pervasive use of information technologies, the increasing availability of data provides new opportunities for understanding user behaviors. Unearthing anomalies in user behavior is of particular importance as it helps signal harmful incidents such as network intrusions, terrorist activities, and financial frauds. In this article, we survey state-of-the-art research work in visual analytics of anomalous user behaviors and classify them into four application domains, which are social interaction, travel, network communication, and financial transaction. We further examine the research work in each category in terms of data types, visualization techniques, and interactive analysis methods. We hope that our survey can provide systematic guidelines for researchers and practitioners to find effective solutions to their research problems in specific application domains. Finally, we discuss trends of academic interest over the past decades and suggest potential directions across visual analytics of these user behaviors for future research.

Tao Zhang,Qi Liao,Lei Shi

DOI: https://doi.org/10.1109/PacificVis.2014.22

2014-01-01

Abstract:Large-scale networks have become increasingly challenging to manage. It is vital for a system administrator or network manager to be able to analyze the vast amount of log data in order to detect suspicious behaviors or patterns, possibly due to malicious users/applications or faulty devices. While an intrusion detection system (IDS) log can provide a large number of warnings, exactly which alarms are true while the others are false, and more importantly what are the underlying causes are still difficult to know. To bridge the gap between network log and anomaly discovery, we design and implement a visualization tool that combines multiple commodity visualizations with minimum learning curve. While each individual view is well understood, the effects of such views in analyzing network anomalies are not well studied. Since each visualization technique has advantages as well as limitations in addressing a particular task, we show that these views, when combined and linked together, may provide an effective and lightweight network anomaly analysis tool. The web-based open platform may simplify network administration as well as promote collaborative analysis among researchers.

Xuefei Tian,Chenlu Li,Aijuan Qian,Xiaoju Dong

DOI: https://doi.org/10.1109/ispa-bdcloud-socialcom-sustaincom51426.2020.00077

2020-01-01

Abstract:The network environment is increasingly complex, resulting in the explosive growth of network traffic logs. Discovering the patterns of these logs and detecting various cyber-attacks and anomalies have become a widespread concern. However, traditional network analysis techniques and Intrusion Detection System (IDS) have limited ability to identify and respond to the malicious activities hidden in dynamic and long-duration time series. This paper proposes a novel visual analysis system, combining visual analysis and machine learning model, to better reveal the pattern of various traffic logs, detect and classify abnormal network behaviors from enormous traffic logs. The system supports interactive exploration in data space and comparative analysis of the normal and abnormal pattern. It could help users analyze traffic logs conveniently and identify network intrusions efficiently. Besides, a supervised classifier in our system supports the prediction of a single traffic log which facilitates users' analysis of the patterns of traffic logs. A case study conducted on the CICIDS-2017 dataset demonstrates the feasibility of our system.

ZHANG Haocheng,WU Xiaojie,TANG Xiang,SHU Runxuan,DING Tianchen,DONG Xiaoju

DOI: https://doi.org/10.11959/j.issn.2096-109x.2018015

2018-01-01

Abstract:With the fast development of information technology and computer network, the scale and complexity of network security data grows rapidly. Traditional visualization techniques are no longer suitable. In addition, it designs interactive functions based on the feature of network security analysis, in order to assist the network security analyst. The existing approaches for network security visualization have some defects, which fail to provide a good indication of network security data in terms of timing and also fail to display information completely and realize user-friendly interaction. A multi-view network security visualization system was proposed, which provided the analysts of both the static status and dynamic changes of the network by combining the force-oriented model and the staged animation. It provides comprehensive information with display and filter of protocols, IP segment and port. The system on Shanghai Network database were evaluated.

Jian Huang,Xiushan Zhang

DOI: https://doi.org/10.1109/ccet.2018.8542190

2018-01-01

Abstract:In recent years, with the rapid development of computer science and information technology, the world is filled and propelled of time-varying and multivariate data. The enormous growth of data in the last decades led to big data challenge in the network security field. Traditional visual analysis method for the time-varying network is inadequate. Efficient methods for visual clutter reduction, network structure exploration and network behavior detection are needed. In this paper, we propose two methods: A triangular-based algorithm for time-varying behavior presentation and an improved brush PCP aims to assist the visual analysis task in time-varying network pattern detection. A synthetic visual analysis system is designed and implemented on the basis of these two novel methods. Our system is capable of visually analyzing vast amounts of network data. To better describe and demonstrate the usefulness and performance of our system, we utilize the ChinaVis2015 Challenge dataset as a case study.

Qinpei Zhao,Yinjia Zhang,Yang Shi,Jiangfeng Li

DOI: https://doi.org/10.1007/978-3-030-19861-9_2

2019-01-01

Abstract:The traffic among the hosts and behaviors of the anomalous hosts in the network is usually complex. In network traffic, there is a key problem that is how to identify the security incidents. The corresponding question that who have contributed to the incidents is arisen then. A method, which detects both anomalies and events at the same time is quite helpful. A data from network traffic can be composed of the hosts and different attributes (traffic flow like amount of upload package and download package) in time series. Based on the structure of the network traffic data, we propose an anomaly and event detection method based on the network attributes in time series. The method analyzes both the host’s behavior and the temporal features of the network traffic.

Jia-cheng Pan,Dong-ming Han,Fang-zhou Guo,Da-wei Zhou,Nan Cao,Jing-rui He,Ming-liang Xu,Wei Chen

DOI: https://doi.org/10.1631/fitee.1900310

IF: 2.526

2020-01-01

Frontiers of Information Technology & Electronic Engineering

Abstract:A dynamic network refers to a graph structure whose nodes and/or links dynamically change over time. Existing visualization and analysis techniques focus mainly on summarizing and revealing the primary evolution patterns of the network structure. Little work focuses on detecting anomalous changing patterns in the dynamic network, the rare occurrence of which could damage the development of the entire structure. In this study, we introduce the first visual analysis system RCAnalyzer designed for detecting rare changes of sub-structures in a dynamic network. The proposed system employs a rare category detection algorithm to identify anomalous changing structures and visualize them in the context to help oracles examine the analysis results and label the data. In particular, a novel visualization is introduced, which represents the snapshots of a dynamic network in a series of connected triangular matrices. Hierarchical clustering and optimal tree cut are performed on each matrix to illustrate the detected rare change of nodes and links in the context of their surrounding structures. We evaluate our technique via a case study and a user study. The evaluation results verify the effectiveness of our system.

Yixian Zheng,Wenchao Wu,Huamin Qu,Chunyan Ma,Lionel M. Ni

DOI: https://doi.org/10.1109/bigdata.2015.7363802

2015-01-01

Abstract:The availability of massive volumes of trajectory data has made it convenient for the study of different types of movement behaviors. Among them, bi-directional movement behaviors exist ubiquitously in our daily life, from urban traffic to animal migration, and from sports to wars. To analyze bi-directional movement behaviors, people need to compare movements in two directions simultaneously for detecting similarities or differences in the movement patterns. If the movement involves tens of thousands items like vehicles or bird migration during a ten-year time span, the comparisons need to be done at both macro level and micro level. Due to the complexities of data and the challenges of analytical tasks, visual analytics is often used to take full advantage of machines' computational power as well as human's domain knowledge and cognitive abilities. In this paper, we present a comprehensive visual analytics system with three major visualization modules, including Global View, OD-pair Flow View and Isotime Storyline View, to depict bi-directional movement behaviors in a novel way, which enables a three-level exploration to help users gain insights into both macro and micro patterns. Quantitative analyses (e.g. movement model construction, modular Dol specification and key node extraction) and intuitive visualizations (e.g. parallelized flow map, bidirectional storyline chart with contour map and multi-layer heat map) are integrated into our system to provide an efficient and intuitive solution to the analysis of bi-directional movement behaviors based on big movement data. Case studies with two real-world datasets and expert interviews are carried out to demonstrate the effectiveness and usefulness of our system.

Xin Fan,Wenjie Luo,Xiaoju Dong,Rui Su

DOI: https://doi.org/10.1007/978-981-13-2203-7_45

2018-01-01

Abstract:Analyzing network data is one of the important means to safeguard network security. However, how to detect anomalies and trace back the origin of attacks in the enlarging scale of network data is still a challenge now. This paper designs and implements a network visualization system, which meets three main requirements: the situation awareness of the whole network, the rapid detection of anomalies, and the track of attack source. To combine multiple visualization technologies reasonably, the system provides information from three levels. It also uses unsupervised learning methods to detect anomalies in different ways. Therefore, the system enhances the ability of identifying abnormal behaviors from network data. Its efficiency is tested by the usage of data in the ChinaVis 2016.

Huaquan Hu,Hanchen Song,Lingda Wu,y u ronghuan

DOI: https://doi.org/10.1109/ICVRV.2014.5

2014-01-01

Abstract:The dynamic nature of space-based networks poses a significant challenge of visualizing and analyzing its topological structure and metrics. In this paper, a hybrid visual analytics approach is proposed to assist researchers to gain an insight into dynamic space-based networks. Three core components are integrated into the visual analytics approach: first, a visual model based on filmstrip metaphor is proposed, which employs online graph layout algorithm to visualize the latest time slice and utilizes offline algorithm to analyze the previous time slices within some observation window, then, we present a dynamic network layout strategy based on regularized graph layout framework that the independent structure of sub networks is taken into account to produce more interpretable layouts, finally, two significant network metrics with respecting to time-varying paths, i.e., reach ability and edge between ness centrality, are visualized and analyzed. The proposed hybrid visual analytics approach can be applied to some representative space-based networks to illustrate the benefit of visualization and analysis for producing reasonable and comprehensible results.

Jiawan Zhang,Liang Li,Liangfu Lu,Ning Zhou

DOI: https://doi.org/10.1109/sectech.2008.47

2008-01-01

Abstract:Network scans visualization provides very effective means for to detection large scale network scans. Many visualization methods have been developed to monitor network traffic, but all the techniques or tools still heavily rely on human detection. They seldom consider the importance of network event characteristics to the network data visualization, and cannot detect slow scans, hidden scans etc. In this paper a visual interactive network scans detection system called ScanViewer is designed to represent traffic activities that reside in network flows and their patterns. The ScanViewer combines the characteristics of network scan with novel visual structures, and utilizes a set of different visual concepts to map the collected datagram to the graphs that emphasize their patterns. Additionally, a new tool named localport is designed for to capture large-scale ports information. The experiments show that ScanViewer can not only detect network scans, port scans, distributed port scans, but also can detect the hidden scans etc.

Yang Liu,Linfeng Zhang,Y. Guan

DOI: https://doi.org/10.1109/ICDCS.2010.45

2010-06-21

Abstract:Internet has become an essential part of the daily life for billions of users worldwide, who are using a large variety of network services and applications everyday. However, there have been serious security problems and network failures that are hard to resolve, for example, botnet attacks, polymorphic worm/virus spreading, DDoS, and flash crowds. To address many of these problems, we need to have a network-wide view of the traffic dynamics, and more importantly, be able to detect traffic anomalies in a timely manner. Spatial analysis methods have been proved to be effective in detecting network-wide traffic anomalies that are not detectable at a single monitor. To our knowledge, Principle Component Analysis (PCA) is the best-known spatial detection method for the coordinated low-profile traffic anomalies. However, existing PCA-based solutions have scalability problems in that they require linear running time and space to analyze the traffic measurements within a sliding window, which makes it often infeasible to be deployed for monitoring large-scale high-speed networks. We propose a sketch-based streaming PCA algorithm for the network-wide traffic anomaly detection in a distributed fashion. Our algorithm only requires logarithmic running time and space at both local monitors and Network Operation Centers (NOCs), and can detect both high-profile and coordinated low-profile traffic anomalies with bounded errors.

Computer Science

Chufan Lai,Qiangqiang Liu,Lu Feng,Chenglei Yue,Xi Chen,Yang Hu,Zhanyi Wang,Pengju Teng,Xiaoru Yuan

DOI: https://doi.org/10.1109/vast.2017.8585432

2017-01-01

Abstract:In VAST Challenge 2017, we propose an interactive and collaborative visual analytic system for the analysis of traffic sensor data. Our system fully incorporates the power of spatial-temporal visualization, sequence mining techniques and collaborative analysis. It allows users to conduct multi-facet and interactive data analysis in a highly efficient way. We discuss technical details in this report, and demonstrate the effectiveness of our system via convincing cases.