Interactive Analysis of Computer Scenarios through Parallel Coordinates Graphics

  • Gabriel D. Cavalcante
  • Sebastien Tricaud
  • Cleber P. Souza
  • Paulo Lício de Geus
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7336)

Abstract

A security analyst plays a key role in tackling unusual incidents, which is a strenuous task to carry out properly: a single service can generate a massive amount of log data in a single day, and analysing such data is a challenge. Among the available techniques, parallel coordinates have been widely used to visualize high-dimensional datasets and are also well suited to plotting graphs with a huge number of data points. Unusual conditions and rare events may be revealed in a parallel coordinates graph when it is visualized interactively, which is a valuable feature for the analyst. To address that, we developed the Picviz-GUI tool, which adds interactivity to the visualization of parallel coordinates graphs. With Picviz-GUI one can shape a graph to reduce visual clutter and to help find patterns. With a set of simple actions, such as filtering, changing line thickness and color, and making selections, the user can highlight the desired information and search through the variables for a subtle data correlation. Picviz-GUI visualization helps the security analyst understand complex and novel attacks, so that automated classification systems can later be tuned. This article shows how features built on top of parallel coordinates graphs can be effective in uncovering complex security issues.
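The abstract describes the two operations an analyst performs on such a graph: every log field becomes one vertical axis on which each event is placed at a normalized height, and interactive filtering removes lines so that a correlation (for example, many failed logins from one source against many user names) stands out. The following added example, which is not code from the paper or the Picviz-GUI project, shows that data-preparation step in pure Python: it parses constructed sshd-style log lines, scales each field onto a 0..1 axis position, applies a field-equality filter, and derives a per-source line weight. The log format, field names, axis order and sample values are all assumptions made for the example.

```python
"""Parallel-coordinates preparation for authentication log lines.

Added example, not code from the Picviz-GUI project: it parses a few
constructed sshd-style log lines into records, maps each field onto a
normalized axis position (0.0 .. 1.0) as a parallel-coordinates plot would,
and applies a filter so that only the lines an analyst wants to highlight
remain. The log format, field names and sample values are assumptions.
"""
import re
from collections import Counter

# Constructed sample log lines (not real data): two hosts, one of which
# receives a burst of failed logins from a single source.
SAMPLE_LOG = """\
Jan 10 03:12:01 hostA sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Jan 10 03:12:02 hostA sshd[2201]: Failed password for invalid user oracle from 203.0.113.7 port 51023 ssh2
Jan 10 03:12:03 hostA sshd[2201]: Failed password for root from 203.0.113.7 port 51024 ssh2
Jan 10 03:12:04 hostA sshd[2201]: Failed password for invalid user test from 203.0.113.7 port 51025 ssh2
Jan 10 08:45:10 hostA sshd[2310]: Accepted publickey for alice from 198.51.100.5 port 40210 ssh2
Jan 10 09:01:33 hostB sshd[1190]: Accepted password for bob from 198.51.100.9 port 40888 ssh2
Jan 10 09:02:40 hostB sshd[1191]: Failed password for bob from 198.51.100.9 port 40889 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<mon>\w{3}) (?P<day>\d+) (?P<hh>\d{2}):(?P<mm>\d{2}):(?P<ss>\d{2}) "
    r"(?P<host>\S+) sshd\[\d+\]: (?P<result>Accepted|Failed) "
    r"(?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port (?P<port>\d+)"
)

# Axis order is part of the design: correlations show up as bundles of
# near-parallel lines between adjacent axes.
AXES = ("time", "host", "src", "user", "result")


def parse_log(text):
    """Turn raw log lines into dict records with a numeric time field."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable lines are skipped rather than guessed at
        secs = int(m["hh"]) * 3600 + int(m["mm"]) * 60 + int(m["ss"])
        records.append({
            "time": secs,
            "host": m["host"],
            "src": m["src"],
            "user": m["user"],
            "result": m["result"],
            "method": m["method"],
        })
    return records


def axis_positions(records, axes=AXES):
    """Map every record onto a 0..1 position per axis.

    Numeric axes are min-max scaled; categorical axes get evenly spaced
    slots in sorted order. Returns (positions, scales); scales describes
    each axis so tick labels can be drawn.
    """
    if not records:
        return [], {}
    scales = {}
    for axis in axes:
        values = [r[axis] for r in records]
        if all(isinstance(v, (int, float)) for v in values):
            lo, hi = min(values), max(values)
            scales[axis] = ("numeric", lo, (hi - lo) or 1)
        else:
            scales[axis] = ("categorical", sorted(set(values)))
    positions = []
    for r in records:
        row = []
        for axis in axes:
            s = scales[axis]
            if s[0] == "numeric":
                row.append((r[axis] - s[1]) / s[2])
            else:
                cats = s[1]
                row.append(0.0 if len(cats) == 1 else cats.index(r[axis]) / (len(cats) - 1))
        positions.append(tuple(row))
    return positions, scales


def apply_filter(records, **criteria):
    """Keep only records whose fields equal the given values: the
    interactive 'filter' action, fewer lines and less clutter."""
    return [r for r in records if all(r.get(k) == v for k, v in criteria.items())]


def line_weights(records, key="src"):
    """Line thickness per value of `key`, proportional to how many records
    share it, so one source behind many lines is drawn heavier."""
    return dict(Counter(r[key] for r in records))


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    failed = apply_filter(recs, result="Failed")
    pos, scales = axis_positions(failed)
    for r, p in zip(failed, pos):
        print(r["src"], r["user"], ["%.2f" % x for x in p])
    print("weights:", line_weights(failed))
```

Filtering on `result="Failed"` leaves five of the seven lines, four of which fan out from the single position of `203.0.113.7` on the source axis to four different positions on the user axis; the `line_weights` output gives that source a weight of 4, which is exactly the kind of thick bundle the abstract says an interactive view is meant to surface.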

Keywords

Dictionary Attack, Command Line Interface, Security Analyst, Computer Scenario, Visual Clutter

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Gabriel D. Cavalcante (1)
  • Sebastien Tricaud (2)
  • Cleber P. Souza (1)
  • Paulo Lício de Geus (1)
  1. Institute of Computing, University of Campinas, Campinas, Brazil
  2. Picviz Labs, Ecully, France