Radial Hierarchical Visualization
Authors
Jörn Schneidewind
Tobias Schreck
Short Description
Suitable Datatypes
Suitable Datatypes for this information visualization technique are Internet Protocol packets.
Figures
The Radial Traffic Analyzer visualizes network traffic in a radial hierarchical layout. In the default configuration the Radial Traffic Analyzer uses four concentrical rings, each representing one attribute of the transferred packets.
The first ring shows the IP adresses of the packet source, the second ring shows the destination IP, the third ring shows the source port number and the outermost ring the destination port number. The size of the area of each entry specifies the fraction of the traffic payloads. To improve the readability, entries with the same values (same IP or same port number) are drawn in the same colour, entries of prominent ports in unique colours (e.g. port 80 - HTTP or port 110 - POP3) and traffic over secured channels is shown in brighter colours.
Each ring uses the rings further inside for grouping and sorting, as shown in the next figure:
The Radial Traffic Analyzer allows a lot of user interactions. The order of the rings can be changed adapted to the users needs, as well as the number of the rings or their attribute types. For example, the Radial Traffic Analyzer can be configured to show up security alerts generated by an intrusion detection system:
As seen in the figure above, the innermost circle can be used to limit the visualization of network traffic to one specified country. For that purpose, the Radial Traffic Analizer uses the Maxmind’s GeoIP Database to evaluate the geo-location information, parts the available display space into rectangles using the HistoMap algorithm and assigns each country to one rectangle. The bigger the rectangles the higher the traffic payloads from or to each country.
Evaluation
Up to April 2007 there hasn't been any evaluations or implementations of the Radial Traffic Analyzer.