Radial Hierarchical Visualization: Difference between revisions

From InfoVis:Wiki
Jump to navigation Jump to search
m Reverted edit of Xm1H76, changed back to last version by Markus
 
(9 intermediate revisions by 3 users not shown)
Line 17: Line 17:
== Figures ==
== Figures ==


The Radial Traffic Analyzer visualizes network traffic using a radial hierarchical layout. The radial visualization was chosen to avoid the user assigning more importance to an item due to its position on the left or on the right. In the default configuration, the Radial Traffic Analyzer uses four concentrical rings, each one representing an attribute of the transferred packets.
The Radial Traffic Analyzer visualizes network traffic using a radial hierarchical layout. The radial visualization was chosen to display data with the same level of importance. Users interpreting a  left-to-right layout may assign more importance to an item on one side due to the cultural reading direction. In the default configuration, the Radial Traffic Analyzer uses four concentrical rings, each one representing an attribute of the transferred packets.


[[Image:Rta_small.jpg]]
[[Image:Rta_small.jpg]]


The innermost ring shows the source IP adress contained in the packet, the second ring shows the destination IP, the third ring shows the source port number, and the outermost ring the destination port number. The size of a circle segment specifies the portion of the total traffic payload. To improve readability entries with the same values (same IP or same port number) are drawn using the same colour. Entries of popular port numbers appear in unique colours (e.g. green is always used for port 80 - HTTP). Traffic over secured channels is shown in brighter colours, whereas traffic over unsecured channels is usually displays in darker colour.
The rings in this example show the following information, from the innermost to the outermost ring:<br>
1. Source IP adress<br>
2. Destination IP<br>
3. Source port number<br>
4. Destination port number. <br>
The share in total traffic determines the size of a single circle segment. To improve readability, entries with the same value (e.g., the same IP, or the same port number) always use the same colour. Popular port numbers appear in reserved, unique colours (e.g. green is always used for port 80 - HTTP), which are not used again to display something else. Traffic over secured channels is shown in brighter colours, whereas traffic over unsecured channels appears in darker colour.


The values on each ring are grouped by the attributes on the inner rings. Values are sorted on a ring. The next figure shows the design rationale:
Circle segments are sorted on a ring, and grouped by the attributes on the inner rings. The next figure shows the design rationale:


[[Image:Rta_sort.jpg]]
[[Image:Rta_sort.jpg]]
Line 36: Line 41:


== Evaluation ==
== Evaluation ==
 
As per April 2007, there are no evaluations or reference implementations of the Radial Traffic Analyzer.
Up to April 2007 there hasn't been any evaluations or implementations of the Radial Traffic Analyzer.


== References ==
== References ==
 
[Keim, et. al. 2006] Daniel A. Keim, Florian Mansmann, Jörn Schneidewind, and Tobias Schreck: [http://infovis.uni-konstanz.de/members/schreck/tsprojects/papers/vast06.pdf "Monitoring Network Traffic with Radial Traffic Analyzer"], pages 123-128. IEEE Symposium on Visual Analytics Science and Technology 2006.
*[Keim, et al., 2006] Keim, D.A.; Mansmann, F.; Schneidewind, J.; Schreck, T.; [http://infovis.uni-konstanz.de/members/schreck/tsprojects/papers/vast06.pdf "Monitoring Network Traffic with Radial Traffic Analyzer"], Visual Analytics And Technology, 2006 IEEE Symposium On Oct. 2006 Page(s):123 - 128


== Evaluation References ==
== Evaluation References ==
A formal user study is pending as per April 2007. However, previous evaluations have been conducted, e.g.:


*[Komlodi, et. al., 2005] Komlodi, A.; Rheingans, P.; Ayachit, U.; Goodall, J.R.; Joshi, A.; [http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?arnumber=1566119 "A User-centered Look at Glyph-based Security Visualization"],  Visualization for Computer Security, IEEE Workshops on Publication Date: 26 Oct. 2005 On page(s): 3- 3
*[Komlodi, et. al., 2005] Komlodi, A.; Rheingans, P.; Ayachit, U.; Goodall, J.R.; Joshi, A.; [http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?arnumber=1566119 "A User-centered Look at Glyph-based Security Visualization"],  Visualization for Computer Security, IEEE Workshops on Publication Date: 26 Oct. 2005 On page(s): 3- 3

Latest revision as of 04:03, 23 July 2007

Authors

Keim, Daniel

Mansmann, Florian

Schneidewind, Jörn

Schreck, Tobias

Short Description

The Radial Traffic Analyzer display is perfectly suitable to show grouped information in the inner circles while presenting related detail information on the outer circles. It is complemented by appropriate interaction techniques like hints on mouse-over, drag & drop to adapt the order of the rings, filtering using clicks and details accessible via a popup menu.
Keim, Daniel et al., 2006


Suitable Data Types

Suitable data types for this information visualization technique are Internet Protocol packets.

Figures

The Radial Traffic Analyzer visualizes network traffic using a radial hierarchical layout. The radial visualization was chosen to display data with the same level of importance. Users interpreting a left-to-right layout may assign more importance to an item on one side due to the cultural reading direction. In the default configuration, the Radial Traffic Analyzer uses four concentrical rings, each one representing an attribute of the transferred packets.

The rings in this example show the following information, from the innermost to the outermost ring:
1. Source IP adress
2. Destination IP
3. Source port number
4. Destination port number.
The share in total traffic determines the size of a single circle segment. To improve readability, entries with the same value (e.g., the same IP, or the same port number) always use the same colour. Popular port numbers appear in reserved, unique colours (e.g. green is always used for port 80 - HTTP), which are not used again to display something else. Traffic over secured channels is shown in brighter colours, whereas traffic over unsecured channels appears in darker colour.

Circle segments are sorted on a ring, and grouped by the attributes on the inner rings. The next figure shows the design rationale:

The Radial Traffic Analyzer allows a variety of user interaction. Entries and their associated traffic can be filtered by single-clicking a circle segment. The order of the rings can be adapted to the users' needs, as well as the number of the rings, or their attributes. For example, the Radial Traffic Analyzer can be configured to display security alerts generated by an intrusion detection system:

As seen in the figure above, the innermost circle can be used to limit the source of network traffic to one specified country. For this purpose, the Radial Traffic Analizer uses the Maxmind’s GeoIP Database to evaluate the geo-location information. Geographical information is arranged on a treemap using the HistoMap algorithm; each geographical unit is matched to a rectangle. The amount of traffic determines the rectangle size.

Evaluation

As per April 2007, there are no evaluations or reference implementations of the Radial Traffic Analyzer.

References

[Keim, et. al. 2006] Daniel A. Keim, Florian Mansmann, Jörn Schneidewind, and Tobias Schreck: "Monitoring Network Traffic with Radial Traffic Analyzer", pages 123-128. IEEE Symposium on Visual Analytics Science and Technology 2006.

Evaluation References

A formal user study is pending as per April 2007. However, previous evaluations have been conducted, e.g.: