Weaving a carpet from log entries: A network security visualization built with co-creation

We created a pixel map for multivariate data based on an analysis of the needs of network security engineers. Parameters of a log record are shown as pixels and these pixels are stacked to represent a record. This allows a broad view of a data set on one screen while staying very close to the raw data and to expose common and rare patterns of user behavior through the visualization itself (the "Carpet"). Visualizations that immediately point to areas of suspicious activity without requiring extensive filtering, help network engineers investigating unknown computer security incidents. Most of them, however, have limited knowledge of advanced visualization techniques, while many designers and data scientists are unfamiliar with computer security topics. To bridge this gap, we developed visualizations together with engineers, following a co-creative process. We will show how we explored the scope of the engineers\´ tasks and how we jointly developed ideas and designs. Our expert evaluation indicates that this visualization helps to scan large parts of log files quickly and to define areas of interest for closer inspection.