Alertwheel: radial bipartite graph visualization applied to intrusion detection system alerts

Intrusion detection systems, or IDSs, are network security tools that generate huge quantities of information which are challenging to analyze. Information visualization is essential for efficiently parsing these data to discover the underlying causes of computer security breaches. AlertWheel is a user interface featuring a novel radial overview visualization, as well as filtering, drilling down, and saving and annotating subsets of data, to support the workflow of real network defense analysts. In designing AlertWheel, we identified new ways of displaying bipartite graphs (i.e., network diagrams showing links between two sets of nodes). The links in AlertWheel's visualizations are positioned and shaped to avoid occlusion of data, and three different edge bundling techniques are used to reduce clutter.