TY - JOUR
T1 - Visual analysis of collective anomalies using faceted high-order correlation graphs
AU - Yan, Jia
AU - Shi, Lei
AU - Tao, Jun
AU - Yu, Xiaolong
AU - Zhuang, Zhou
AU - Huang, Congcong
AU - Yu, Rulei
AU - Su, Purui
AU - Wang, Chaoli
AU - Chen, Yang
N1 - Publisher Copyright:
© 1995-2012 IEEE.
PY - 2020/7/1
Y1 - 2020/7/1
N2 - Successfully detecting, analyzing, and reasoning about collective anomalies is important for many real-life application domains (e.g., intrusion detection, fraud analysis, software security). The primary challenges to achieving this goal include the overwhelming number of low-risk events and their multimodal relationships, the diversity of collective anomalies by various data and anomaly types, and the difficulty in incorporating the domain knowledge of experts. In this paper, we propose the novel concept of the faceted High-Order Correlation Graph (HOCG). Compared with previous, low-order correlation graphs, HOCG achieves better user interactivity, computational scalability, and domain generality through synthesizing heterogeneous types of objects, their anomalies, and the multimodal relationships, all in a single graph. We design elaborate visual metaphors, interaction models, and the coordinated multiple view based interface to allow users to fully unleash the visual analytics power of the HOCG. We conduct case studies for three application domains and collect feedback from domain experts who apply our method to these scenarios. The results demonstrate the effectiveness of the HOCG in the overview of point anomalies, the detection of collective anomalies, and the reasoning process of root cause analyses.
AB - Successfully detecting, analyzing, and reasoning about collective anomalies is important for many real-life application domains (e.g., intrusion detection, fraud analysis, software security). The primary challenges to achieving this goal include the overwhelming number of low-risk events and their multimodal relationships, the diversity of collective anomalies by various data and anomaly types, and the difficulty in incorporating the domain knowledge of experts. In this paper, we propose the novel concept of the faceted High-Order Correlation Graph (HOCG). Compared with previous, low-order correlation graphs, HOCG achieves better user interactivity, computational scalability, and domain generality through synthesizing heterogeneous types of objects, their anomalies, and the multimodal relationships, all in a single graph. We design elaborate visual metaphors, interaction models, and the coordinated multiple view based interface to allow users to fully unleash the visual analytics power of the HOCG. We conduct case studies for three application domains and collect feedback from domain experts who apply our method to these scenarios. The results demonstrate the effectiveness of the HOCG in the overview of point anomalies, the detection of collective anomalies, and the reasoning process of root cause analyses.
KW - Correlation graph visualization
KW - collective anomaly
UR - https://www.scopus.com/pages/publications/85059045688
U2 - 10.1109/TVCG.2018.2889470
DO - 10.1109/TVCG.2018.2889470
M3 - 文章
C2 - 30582546
AN - SCOPUS:85059045688
SN - 1077-2626
VL - 26
SP - 2517
EP - 2534
JO - IEEE Transactions on Visualization and Computer Graphics
JF - IEEE Transactions on Visualization and Computer Graphics
IS - 7
M1 - 8587186
ER -