Visualization of Individual Instances

SecuML web user interface displays individual instances (e.g. errors from the confusion matrix with DIADEM, or instances to annotate with ILAB) in a Description panel.

Default Visualization: All the Features

By default, the Description panel displays the values of all the features of the instance. All the Features for Spam Detection displays the features extracted from an email in the spam detection use case: the number of occurrences of each word in the vocabulary. Since the vocabulary contains 1000 words, this visualization is hardly interpretable for humans.

_images/features_values.png

All the Features for Spam Detection

Note

The values of the features are not displayed in the case of sparse feature matrices for performance reasons.

Pluggable Problem-Specific Visualizations

SecuML enables to plug problem-specific visualizations for each project (the datasets belonging to the same project share the same problem-specific visualizations). Mail Visualization for Spam Detection depicts a problem-specific visualization we have implemented for the spam detection use case. It simply displays the raw content of the email message, but it is much easier to analyze than All the Features for Spam Detection.

_images/mail.png

Mail Visualization for Spam Detection

Problem-specific visualizations should be easily interpretable by security experts and display the most relevant elements from a detection perspective. They may point out to external tools or information to provide some context. Several custom visualizations can be implemented (in different tabs) to show the instances from various angles.

Note

Problem-specific visualizations are not required to use SecuML web user interface. However, we strongly encourage to implement convenient problem-specific visualizations, since they can significantly ease the analysis of individual instances.

Moreover, all SecuML modules (e.g. DIADEM, ILAB, Projection for Data Visualization, Clustering) rely on the same Description panel to display the instances. As a result, once a custom visualization has been implemented for a given project it is displayed by all SecuML modules.

Implementation

JavaScript code

The code must be stored in secuml/web/static/js/instances_visu/<project>.js.

Flask code

The code must be stored in secuml/web/views/projects/<project>.py.