Evaluating visualization approaches to detect abnormal activities in network traffic data

2020 
Designing innovative approaches to detect intrusive network activities is considered one of the most significant research topics in network security. Various computational methods have been proposed to discover unknown attacks, but validating suspicious activities and understanding their unique characteristics remain difficult. To address this limitation, several visualization systems have been designed that aim to enhance the ability to understand data visually. However, the effectiveness of visualization techniques for network traffic data analysis has not been fully examined. In this paper, we performed an in-depth literature review on visualization techniques for network traffic data analysis. From the review, we identified four key approaches that should be utilized in designing an effective network traffic visualization system: data filtration and transformation, pixel-based visualization, graph representation, and coordinated multi-views. To determine the effectiveness of the four visualization approaches, we developed several prototype visualizations and examined the complexity of implementation, requirement of data preprocessing, understandability of network patterns, and identifiability of abnormal network events.