Understanding User Behaviour through Action Sequences: From the Usual to the Unusual

@article{Nguyen2019UnderstandingUB,
  title={Understanding User Behaviour through Action Sequences: From the Usual to the Unusual},
  author={Phong H. Nguyen and Cagatay Turkay and Gennady L. Andrienko and Natalia V. Andrienko and Olivier Thonnard and Jihane Zouaoui},
  journal={IEEE Transactions on Visualization and Computer Graphics},
  year={2019},
  volume={25},
  pages={2838-2852}
}
Action sequences, where atomic user actions are represented in a labelled, timestamped form, are becoming a fundamental data asset in the inspection and monitoring of user behaviour in digital systems. Although the analysis of such sequences is highly critical to the investigation of activities in cyber security applications, existing solutions fail to provide a comprehensive understanding due to the complex semantic and temporal characteristics of these data. This paper presents a visual… 


ST Sequence Miner: visualization and mining of spatio-temporal event sequences
TLDR
This study unveils that patterns mined from event sequences can better explain possible relationships with proper visualization of time-location data.
User Behavior Map: Visual Exploration for Cyber Security Session Data
TLDR
A map-based visual metaphor is proposed and an interactive map for encoding user behaviors is created that enables analysts to explore and identify user behavior patterns and helps them to understand why some behaviors are regarded as anomalous.
VASABI: Hierarchical User Profiles for Interactive Visual User Behaviour Analytics
TLDR
A user-centred approach is taken to design a visual analytics framework supporting the analysis of collections of users and the numerous sessions of activities they conduct within digital applications, and observes that with the aid of interactive visual hierarchical user profiles, analysts are able to conduct exploratory and investigative analysis effectively.
Visual Analytics of Event Data using Multiple Mining Methods
TLDR
Case studies from two very different domains are used to investigate how researchers can gain breakthrough insights by combining multiple event mining methods in a visual analytics workflow, and they demonstrate the importance of using multiple perspectives, complementary set mining methods and a diverse workflow when using visual analytics to analyze complex event data.
LDA Ensembles for Interactive Exploration and Categorization of Behaviors
TLDR
This work proposes an approach leveraging topic modeling techniques – LDA (Latent Dirichlet Allocation) Ensembles – to represent categories of typical behaviors by topics that are obtained through topic modeling a behavior collection.
A Survey of Approaches for Event Sequence Analysis and Visualization using the ESeVis Framework
TLDR
This paper develops the Event Sequence Visualization framework (ESeVis) that gives due credit to the traditions of both fields of information visualization and process mining, and provides an integrated perspective on both fields.
Survey on Visual Analysis of Event Sequence Data
TLDR
This paper reviews the state-of-the-art visual analytics approaches, characterizes them with the proposed design space, and categorizes them based on analytical tasks and applications.
HisVA: A Visual Analytics System for Studying History
TLDR
HisVA, a visual analytics system that allows the efficient exploration of historical events from Wikipedia using three views (event, map, and resource), is proposed; it provides an effective event exploration space, where users can investigate relationships among historical events by reviewing and linking them in terms of space and time.
DELFI: Mislabelled Human Context Detection Using Multi-Feature Similarity Linking
TLDR
DELFI (Detecting Erroneous Labels using Feature-linking Insights) is a visual analytics approach to discover and clean unlabeled or mislabeled context data; it links similar instances based on a novel concept called Multi-Feature Similarity Linking, which facilitates the identification of probably true labels of mislabeled and unlabeled data.
System Misuse Detection Via Informed Behavior Clustering and Modeling
TLDR
An approach for identifying fraud activity through modeling normal behavior in interactions with a system via machine learning methods, in particular LSTM neural networks, is proposed; it is capable of capturing normal behavior, which can then be used to detect abnormal behavior.

References

SHOWING 1-10 OF 42 REFERENCES
A Visual Analytics Approach for User Behaviour Understanding through Action Sequence Analysis
TLDR
The initial phases of a visual analytics approach that aims to enable a rich understanding of user behaviour through the analysis of user activity sequences are described, which constitutes a novel combination of "action space" analysis, pattern mining, and the interactive visual analysis of multiple sequences.
LifeFlow: visualizing an overview of event sequences
TLDR
A novel interactive visual overview of event sequences called LifeFlow is introduced, which is scalable, can summarize all possible sequences, and represents the temporal spacing of the events within sequences.
Sequence Synopsis: Optimize Visual Summary of Temporal Event Data
TLDR
A novel visualization technique based on the minimum description length (MDL) principle to construct a coarse-level overview of event sequence data while balancing the information loss in it and a visual analytics framework with multiple levels-of-detail to facilitate interactive data exploration is proposed.
Frequence: interactive mining and visualization of temporal frequent event sequences
TLDR
Frequence, an intelligent user interface that integrates data mining and visualization in an interactive hierarchical information exploration system for finding frequent patterns from longitudinal event sequences, is proposed.
DecisionFlow: Visual Analytics for High-Dimensional Temporal Event Sequence Data
TLDR
The study results demonstrate that DecisionFlow enables the quick and accurate completion of a range of sequence analysis tasks for datasets containing thousands of event types and millions of individual events.
(s|qu)eries: Visual Regular Expressions for Querying and Exploring Event Sequences
TLDR
(s|qu)eries is a touch-based system that exposes the full expressive power of regular expressions in an approachable way and interleaves query specification with result visualizations, and encourages iterative query-building as well as exploratory work-flows.
CoreFlow: Extracting and Visualizing Branching Patterns from Event Sequences
TLDR
The proposed CoreFlow is a technique that automatically extracts and visualizes branching patterns in event sequences and can compute branching patterns for millions of events in a few seconds, with improved interpretability of extracted patterns compared to previous work.
Identifying Frequent User Tasks from Application Logs
TLDR
This paper designs a novel frequent pattern ranking technique that extracts frequent user tasks from application logs and shows that the proposed technique significantly outperforms state of the art for real-world data.
SensePath: Understanding the Sensemaking Process Through Analytic Provenance
TLDR
A general approach to facilitate such a qualitative analysis process is proposed, and a prototype, SensePath, is introduced to demonstrate the application of this approach with a focus on browser-based online sensemaking.
Visually driven analysis of movement data by progressive clustering
TLDR
The paper investigates the possibilities of using clustering techniques in visual exploration and analysis of large numbers of trajectories, that is, sequences of time-stamped locations of some moving entities, and suggests the procedure of progressive clustering where a simple distance function with a clear meaning is applied on each step which leads to easily interpretable outcomes.