Entry Name:  "PURDUE-Yang-MC3"

VAST 2013 Challenge
Mini-Challenge 3: Visual Analytics for Network Situation Awareness

 

 

Team Members:

Baijian Yang, Purdue University, byang@purdue.edu PRIMARY
Yingjie Chen, Purdue University, victorchen@purdue.edu

Marlen Promann, Purdue University, mpromann@purdue.edu

Weijie Wang, Purdue University, wang2056@purdue.edu

Student Team:  NO

 

Analytic Tools Used:

D3.js

 

May we post your submission in the Visual Analytics Benchmark Repository after VAST Challenge 2013 is complete?

YES

 

Video:

 

http://youtu.be/kjPMsf4cRSg

 

 

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Questions

 

MC3.1 – Provide a timeline (i.e., events organized in chronological order) of the notable events that occur in Big Marketing’s computer networks for the two weeks of supplied data. Use all data at your disposal to identify up to twelve events and describe them to the extent possible.  Your answer should be no more than 1000 words long and may contain up to twelve images.

 

In the first week, around Apr 04, servers in the network are busier than ever before.

 

In the second week, the network is less stable than in the first week. In the BigBrother data for the second week, the status of many workstations and servers is “2” or “3”, which is not a healthy status. This is mainly because there is much more network flow in the second week than in the first week.

 

 

MC3.2 – Speculate on one or more narratives that describe the events on the network. Provide a list of analytic hypotheses and/or unanswered questions about the notable events. In other words, if you were to hand off your timeline to an analyst who will conduct further investigation, what confirmations and/or answers would you like to see in their report back to you? Your answer should be no more than 300 words long and may contain up to three additional images.

 

On the Saturday of the 2nd week, most workstations are not working or are at a very low work level. Only five or six workstations have significant download and upload usage, indicating they are still in use. In the visualization, this can be easily detected. I have talked about this in the video.

 

 

 

MC3.3 – Describe the role that your visual analytics played in enabling discovery of the notable events in MC3.1. Describe whether your visual analytics play a role in formulating the questions in MC3.2. Your answer should be no more than 300 words long and may contain up to three additional images.

 

My initial idea is to use some real-time technique. In some sense, it’s not easy to detect the notable events in history because it focuses on the status of the servers and stations. As long as they are running fine, we assume the network is relatively safe and secure. We should focus on the network events in the future to improve.