Network Anomaly Analysis using the Microsoft HoloLens

• Published in: Proceedings of the Human Factors and Ergonomics Society Annual Meeting Vol. 62; no. 1; pp. 2094 - 2098
• Main Authors: Beitzel, Steve, Dykstra, Josiah, Toliver, Paul, Youzwak, Jason
• Format: Journal Article
• Language: English
• Published: Los Angeles, CA SAGE Publications 01.09.2018
• ISSN: 1541-9312; 1071-1813; 2169-5067
• DOI: 10.1177/1541931218621472

We investigate the feasibility of using Microsoft HoloLens, a mixed reality device, to visually analyze network capture data and locate anomalies. We developed MINER, a prototype application to visualize details from network packet captures as 3D stereogram charts. MINER employs a novel approach to time-series visualization that extends the time dimension across two axes, thereby taking advantage of the immersive 3D space available via the HoloLens. Users navigate the application through eye gaze and hand gestures to view summary and detailed bar graphs. Callouts display additional detail based on the user’s immediate gaze. In a user study, volunteers used MINER to locate network attacks in a dataset from the 2013 VAST Challenge. We compared the time and effort with a similar test using traditional tools on a desktop computer. Our findings suggest that network anomaly analysis with the HoloLens achieved comparable effectiveness, efficiency and satisfaction. We describe user metrics and feedback collected from these experiments; lessons learned and suggested future work.