Skip to Main content Skip to Navigation
Conference papers

Comparative Evaluation of Node-Link and Sankey Diagrams for the Cyber Security Domain

Abstract : Visualization tools are critical components of cyber security systems allowing analyzers to better understand, detect and prevent security breaches. Security administrators need to understand which users accessed the database and what operations were performed in order to detect irregularities. The current work compares the Sankey diagram with the more commonly used node-link diagram as an alternative visualization technique for cyber security tasks in a controlled experiment. The results indicate, that the Sankey tool showed a consistent advantage in task completion time and was more effective (measured by the percent of correct answers) in synoptic tasks, while the Node-link diagram was more effective in basic, elementary tasks. Further results revealed that performance had only a small effect on user satisfaction and preferences. Our results suggest that the Sankey tool may be a viable option for cyber security visualization tools and strengthens the need to provide personalized visualization tools based on user preferences.
Document type :
Conference papers
Complete list of metadata

Cited literature [36 references]  Display  Hide  Download
Contributor : Hal Ifip Connect in order to contact the contributor
Submitted on : Thursday, April 16, 2020 - 2:27:56 PM
Last modification on : Thursday, April 16, 2020 - 3:23:41 PM


Files produced by the author(s)


Distributed under a Creative Commons Attribution 4.0 International License



Rotem Blinder, Ofer Biller, Adir Even, Oded Sofer, Noam Tractinsky, et al.. Comparative Evaluation of Node-Link and Sankey Diagrams for the Cyber Security Domain. 17th IFIP Conference on Human-Computer Interaction (INTERACT), Sep 2019, Paphos, Cyprus. pp.497-518, ⟨10.1007/978-3-030-29381-9_31⟩. ⟨hal-02544537⟩



Record views


Files downloads