Interactive analysis of computer scenarios through parallel coordinates graphics

Abstract

A security analyst plays a key role in tackling unusual incidents, which is an extenuating task to be properly done, a single service can generate a massive amount of log data in a single day. The analysis of such data is a challenge. Among several available techniques, parallel coordinates have been widely used for visualization of high-dimensional datasets and are also highly suited to plot graphs with a huge number of data points. Unusual conditions and rare events may be revealed in parallel coordinates graph when they are interactively visualized, which is a good feature for the analyst to count on. To address that, we developed the Picviz-GUI tool, adding interactivity to the visualization of parallel coordinates graph. With Picviz-GUI one can shape a graph to reduce visual clutter and to help finding patterns. With a set of simple actions, such as filtering, changing line thickness and color, and selections, the user can highlight the desired information, search through the variables for that subtle data correlation. Picviz-GUI visualization helps the security analyst to understand complex and innovative attacks, to later tune automatized classification systems. This article shows how features on top of parallel coordinates graph can be effective to uncover complex security issues. © 2012 Springer-Verlag.