COMBINING VISUALIZATION AND INTERACTION FOR SCALABLE DETECTION OF ANOMALIES IN NETWORK DATA

This paper examines the application of visualization to identify and analyze sophisticated network attacks. Given the size and chaotic nature of this type of data needing to be analyzed in order to identify such attacks, novel integrations of visualization and interaction are required. Essentially, the design of the visualization technique had to be performed hand in hand with interaction techniques to ensure that should clusters of activity be identified and need analysis then the user would be able to interact with those clusters. This differs from most visualization work which does not allow for such direct manipulation and thus greatly limits the usability of many techniques for this type of data. This paper discusses the developed visualization techniques and present real world data examples in which both injected and actual attacks are identified. This identification required the examination and removal from consideration, activity deemed to be innocuous.