Database Reference
In-Depth Information
(a)
CH
4
> 0.3
(b)
temp
<3
(c)
CH
4
> 0.3 AND
temp
<4
Figure 9.13
(See color insert following page 224.) A visualization of flames
in a high-fidelity simulation of methane-air jet. The images show the cells in
a 3D block-structured dataset that were returned by three different queries.
9.5.2 Case Study—Network Trac Analysis
While our earlier work established the viability of the approach, particularly
when compared with the best search algorithms from the visualization commu-
nity, more recent work extends and applies these techniques to a “hero-sized”
problem. In this application, our objective is to perform interactive visual data
analysis of one year's worth of network connection data. The case study in
this work focuses on rapid drill-down using multiresolution histograms com-
puted by FastBit for the purposes of identifying the existence of a distributed
network scan attack, then for identifying the set of hosts participating in the
attack. The results of that study
37
,
38
show that this approach performs up to
four orders of magnitude faster than conventional techniques commonly used
in the field of network tra
c analysis.
The basic use model for this application, which is shown pictorially in Fig-
ure 9.14, is as follows: first, compute and display a histogram of trac levels
at a coarse granularity (each day over a 365-day period). Histogram display
is augmented with statistical analysis to help highlight anomalous behavior.
Next, through a visual user interface, “drill into” the data by allowing the
user to specify a temporal window of finer resolution. FastBit computes a new
histogram over the specified temporal window and at finer resolution, allow-
ing more details of the data to emerge. This process repeats until coherent
temporal patterns of the attack begin to emerge. Once the attack signature is
identified and confirmed to be a network scan (see Figure 9.15), FastBit can
quickly locate and return the network trac records that contain informa-
tion about hosts participating in the attack (see Stockinger et al.
37
for more
details).
In this work, FastBit was extended to support the rapid creation of mul-
tidimensional, conditional histograms. The implementation and performance
study was conducted on a parallel, shared-memory platform. The results of
