M-Sieve: a visualisation tool for supporting network security analysts

The Middlesex Spatial Interactive Visualisation Environment (M-Sieve) is a spatiotemporal visual analytics tool for exploring computer network activity. M-Sieve allows the user to filter and visualize data through facets to explore and find patterns. To help guide exploration, we developed a set of rules which are used to derive a variable we call the ‘Concern Level Assessment’ (CLA). The CLA is based on attributes of nodes on the network. The rules were developed by eliciting inferences from network security domain experts. The combination of M-Sieve and the CLA allowed us to address the problem presented by the VAST 2012 Competition - Mini Challenge 1.