Graphics Reference
In-Depth Information
Figure 4-25: With this parallel coordinates visualization, you can view
network security log file data with one attack type highlighted.
In Figure 4-25, anonymous network security data is plotted with the vertical
axes representing source country, source computer, target computer,
sequence, time (in seconds), attack type, and target country. The thin
colored lines zigzagging across represent individual rows from the log file,
with color indicating the attack type. In the snapshot, one attack type
(registry reads) has been highlighted as bright red lines. The red lines
emanate from one source country in the upper left and proceed through a
few source computers (where the red lines cross the second axis “source”)
and primarily attack only a few target computers (where the red lines cross
the third axis “target”). These attacks have occurred throughout the overall
sequence and timeframe (where the red lines cross the fourth axis and fifth
axis). The sixth axis is the attack type; all of these lines are of the same
attack type and therefore all meet at one point.
In practice, parallel coordinate plots are used interactively to isolate data
of interest, either by direct interaction with the plot—such as the click on
the particular attack type as discussed previously—or via clicks on adjacent
charts. Successive clicks can then be used to further isolate the data of
interest.
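The following sketch is an added example, not code from the book. It shows the mechanics behind such a plot on a few constructed log rows: each row becomes a polyline of per-axis heights, and each "click" is a filter on one axis value. The field names, sample values, and function names are assumptions made for illustration.

```python
from collections import Counter

AXES = ["src_country", "source", "target", "sequence", "time_s",
        "attack_type", "dst_country"]

# Constructed sample rows (not data from the book's figure).
ROWS = [
    ("CountryA", "src-01", "tgt-07", 1, 12.0, "registry read", "CountryX"),
    ("CountryB", "src-04", "tgt-02", 2, 30.5, "port scan", "CountryX"),
    ("CountryA", "src-02", "tgt-07", 3, 41.0, "registry read", "CountryX"),
    ("CountryC", "src-09", "tgt-05", 4, 58.2, "login failure", "CountryY"),
    ("CountryA", "src-01", "tgt-03", 5, 77.9, "registry read", "CountryY"),
    ("CountryB", "src-04", "tgt-07", 6, 90.0, "port scan", "CountryX"),
]
LOG = [dict(zip(AXES, r)) for r in ROWS]

def axis_scale(rows, axis):
    """Return a function mapping a value on `axis` to a height in [0, 1]."""
    values = [r[axis] for r in rows]
    if all(isinstance(v, (int, float)) for v in values):
        lo, hi = min(values), max(values)          # numeric axis: min-max scale
        return lambda v: 0.0 if hi == lo else (v - lo) / (hi - lo)
    cats = sorted(set(values))                     # categorical axis: even spacing
    return lambda v: 0.0 if len(cats) == 1 else cats.index(v) / (len(cats) - 1)

def polylines(rows, axes=AXES):
    """One polyline per log row: the height at which it crosses each axis."""
    scales = {a: axis_scale(rows, a) for a in axes}
    return [[scales[a](r[a]) for a in axes] for r in rows]

def brush(rows, **selected):
    """Keep rows matching every selected axis value (one 'click' per axis)."""
    return [r for r in rows if all(r[a] == v for a, v in selected.items())]

def crossings(rows, axis):
    """Count how many highlighted lines cross each value on one axis."""
    return Counter(r[axis] for r in rows)

if __name__ == "__main__":
    hit = brush(LOG, attack_type="registry read")       # first click
    print(crossings(hit, "src_country"), crossings(hit, "target"))
    top_target = crossings(hit, "target").most_common(1)[0][0]
    narrowed = brush(hit, target=top_target)            # second click
    print([round(y, 2) for y in polylines(LOG)[0]])
    print(len(narrowed), "lines remain after the second click")
```

Scales are computed over the full log, so highlighted lines keep their positions when the selection changes.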
Continuing the Figure 4-25 example, it seems that a few computers are
particularly targeted. These can be further isolated. In Figure 4-26, only one
 
 