Supporting the Visualization and Analysis of Network Events

    Doantam Phan, Stanford HCI

Seminar on People, Computers, and Design
Stanford University January 11, 2008

The flow of traffic among computers on the Internet and the exchange of goods between countries are examples of causally connected measurable events in a network. Understanding the behavior of such networks often requires the ability to discover temporal connections among the events in a large data set. One challenge is that the volume of data makes it difficult to explore the data and organize the events into a narrative sequence. This dissertation contributes new interactive visualization techniques for analyzing, organizing, and presenting network event data at multiple levels of detail for the purpose of forensic analysis - tracking down causal sequences of importance.  

The first contribution is a technique that supports event analysis, called progressive multiples. Our techniques are instantiated in a system for network incident investigation, Isis, which we validated with a long-term collaboration and deployment with the principal network analyst of the EE and CS departments. The second contribution is a technique for automatically generating flow maps, which present summaries of network topology and behavior at a higher level than event plots and timelines. Our technique has been adopted by a diverse group of users to depict the flow of computer networks, documents, and international ecological trade.  

Doantam Phan has recently completed his Ph.D. in Computer Science at Stanford University. He studies Human-Computer Interaction, and was advised by Terry Winograd.

View this talk on line at CS547 on Stanford OnLine or using this video link.

Titles and abstracts for previous years are available by year and by speaker.