Radial Hierarchical Visualization

From InfoVis:Wiki
Revision as of 04:03, 23 July 2007 by Markus (talk | contribs) (Reverted edit of Xm1H76, changed back to last version by Markus)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Authors

Keim, Daniel

Mansmann, Florian

Schneidewind, Jörn

Schreck, Tobias

Short Description

The Radial Traffic Analyzer display is perfectly suitable to show grouped information in the inner circles while presenting related detail information on the outer circles. It is complemented by appropriate interaction techniques like hints on mouse-over, drag & drop to adapt the order of the rings, filtering using clicks and details accessible via a popup menu.
Keim, Daniel et al., 2006


Suitable Data Types

Suitable data types for this information visualization technique are Internet Protocol packets.

Figures

The Radial Traffic Analyzer visualizes network traffic using a radial hierarchical layout. The radial visualization was chosen to display data with the same level of importance. Users interpreting a left-to-right layout may assign more importance to an item on one side due to the cultural reading direction. In the default configuration, the Radial Traffic Analyzer uses four concentrical rings, each one representing an attribute of the transferred packets.

The rings in this example show the following information, from the innermost to the outermost ring:
1. Source IP adress
2. Destination IP
3. Source port number
4. Destination port number.
The share in total traffic determines the size of a single circle segment. To improve readability, entries with the same value (e.g., the same IP, or the same port number) always use the same colour. Popular port numbers appear in reserved, unique colours (e.g. green is always used for port 80 - HTTP), which are not used again to display something else. Traffic over secured channels is shown in brighter colours, whereas traffic over unsecured channels appears in darker colour.

Circle segments are sorted on a ring, and grouped by the attributes on the inner rings. The next figure shows the design rationale:

The Radial Traffic Analyzer allows a variety of user interaction. Entries and their associated traffic can be filtered by single-clicking a circle segment. The order of the rings can be adapted to the users' needs, as well as the number of the rings, or their attributes. For example, the Radial Traffic Analyzer can be configured to display security alerts generated by an intrusion detection system:

As seen in the figure above, the innermost circle can be used to limit the source of network traffic to one specified country. For this purpose, the Radial Traffic Analizer uses the Maxmind’s GeoIP Database to evaluate the geo-location information. Geographical information is arranged on a treemap using the HistoMap algorithm; each geographical unit is matched to a rectangle. The amount of traffic determines the rectangle size.

Evaluation

As per April 2007, there are no evaluations or reference implementations of the Radial Traffic Analyzer.

References

[Keim, et. al. 2006] Daniel A. Keim, Florian Mansmann, Jörn Schneidewind, and Tobias Schreck: "Monitoring Network Traffic with Radial Traffic Analyzer", pages 123-128. IEEE Symposium on Visual Analytics Science and Technology 2006.

Evaluation References

A formal user study is pending as per April 2007. However, previous evaluations have been conducted, e.g.: