Improving Large Graph Visualization Using a Paging Mechanism




Jafarrangchi, Fatemeh

Journal Title

Journal ISSN

Volume Title



The activity and event network (AEN) model captures the network activities and events using a large random dynamic graph that is continuously maintained and updated as new information and data arrive. The AEN engine leverages extensive graph database technology in creating, maintaining, and visualizing the produced graph. Because the graph can become very large (e.g., have millions of nodes) over time, a visual analysis by a security analyst can be unwieldy, overwhelming, and thus counterproductive. This thesis presents an extension of the AEN graph engine visualization module, which consists on developing a timeline feature that improves the visualization process by allowing the analyst to access and work on segments or portions of the graph as needed. A graph paging mechanism was developed to implement the timeline feature, where a graph is structured into multiple pages that enable navigating back and forth and other related functionality. To reduce memory/storage usage, the proposed graph paging mechanism supports consolidating fine-grain changes into coarser-grain ones without losing the timeline integrity and altering the order in which the changes occurred. An experimental evaluation using the CIC 2017 IDS evaluation dataset yielded improved results in visualizing and handling large graphs while achieving low performance overhead in terms of response time, CPU time, and memory utilization.



AEN, Graph, Visualization, Paging, Performance, Network data, Syslog, Netflow, Cybersecurity, Vulnerabilities, Cybersecurity analyzer, Timeline