×
1 Choose EITC/EITCA Certificates
2 Learn and take online exams
3 Get your IT skills certified

Confirm your IT skills and competencies under the European IT Certification framework from anywhere in the world fully online.

EITCA Academy

Digital skills attestation standard by the European IT Certification Institute aiming to support Digital Society development

LOG IN TO YOUR ACCOUNT

CREATE AN ACCOUNT FORGOT YOUR PASSWORD?

FORGOT YOUR PASSWORD?

AAH, WAIT, I REMEMBER NOW!

CREATE AN ACCOUNT

ALREADY HAVE AN ACCOUNT?
EUROPEAN INFORMATION TECHNOLOGIES CERTIFICATION ACADEMY - ATTESTING YOUR PROFESSIONAL DIGITAL SKILLS
  • SIGN UP
  • LOGIN
  • INFO

EITCA Academy

EITCA Academy

The European Information Technologies Certification Institute - EITCI ASBL

Certification Provider

EITCI Institute ASBL

Brussels, European Union

Governing European IT Certification (EITC) framework in support of the IT professionalism and Digital Society

  • CERTIFICATES
    • EITCA ACADEMIES
      • EITCA ACADEMIES CATALOGUE<
      • EITCA/CG COMPUTER GRAPHICS
      • EITCA/IS INFORMATION SECURITY
      • EITCA/BI BUSINESS INFORMATION
      • EITCA/KC KEY COMPETENCIES
      • EITCA/EG E-GOVERNMENT
      • EITCA/WD WEB DEVELOPMENT
      • EITCA/AI ARTIFICIAL INTELLIGENCE
    • EITC CERTIFICATES
      • EITC CERTIFICATES CATALOGUE<
      • COMPUTER GRAPHICS CERTIFICATES
      • WEB DESIGN CERTIFICATES
      • 3D DESIGN CERTIFICATES
      • OFFICE IT CERTIFICATES
      • BITCOIN BLOCKCHAIN CERTIFICATE
      • WORDPRESS CERTIFICATE
      • CLOUD PLATFORM CERTIFICATENEW
    • EITC CERTIFICATES
      • INTERNET CERTIFICATES
      • CRYPTOGRAPHY CERTIFICATES
      • BUSINESS IT CERTIFICATES
      • TELEWORK CERTIFICATES
      • PROGRAMMING CERTIFICATES
      • DIGITAL PORTRAIT CERTIFICATE
      • WEB DEVELOPMENT CERTIFICATES
      • DEEP LEARNING CERTIFICATESNEW
    • CERTIFICATES FOR
      • EU PUBLIC ADMINISTRATION
      • TEACHERS AND EDUCATORS
      • IT SECURITY PROFESSIONALS
      • GRAPHICS DESIGNERS & ARTISTS
      • BUSINESSMEN AND MANAGERS
      • BLOCKCHAIN DEVELOPERS
      • WEB DEVELOPERS
      • CLOUD AI EXPERTSNEW
  • FEATURED
  • SUBSIDY
  • HOW IT WORKS
  •   IT ID
  • ABOUT
  • CONTACT
  • MY ORDER
    Your current order is empty.
EITCIINSTITUTE
CERTIFIED

How would you use Facets Overview and Deep Dive to audit a network traffic dataset, detect critical imbalances, and prevent data poisoning attacks in an AI pipeline applied to cybersecurity?

by JOSE ALFONSIN PENA / Thursday, 30 October 2025 / Published in Artificial Intelligence, EITC/AI/GCML Google Cloud Machine Learning, Google tools for Machine Learning, Visualizing data with Facets

Facets is an open-source visualization tool designed to facilitate the understanding and analysis of machine learning datasets. It provides two primary modules: Facets Overview and Facets Deep Dive. These modules are particularly valuable in fields where data quality, class balance, and anomaly detection are vital—such as in cybersecurity applications for network traffic analysis. Using these tools effectively enables data scientists and engineers to audit datasets, detect imbalances, and mitigate risks like data poisoning, which is a growing concern in machine learning pipelines.

Facets Overview for Dataset Auditing and Imbalance Detection

Facets Overview presents a high-level, comparative view of entire datasets or dataset splits (such as training, validation, and test sets). For network traffic datasets applied to cybersecurity, these splits often reflect different time periods, network segments, or traffic types (e.g., benign vs. malicious). The Overview module visualizes each feature (column) with histograms, counts, and summary statistics, allowing rapid identification of patterns or anomalies that may indicate data quality issues.

*Example*: Suppose you have a network traffic dataset with features such as `protocol_type`, `src_bytes`, `dst_bytes`, `flag`, and a label column `intrusion_type` (with categories like "normal," "DoS," "probe," "R2L," and "U2R"). By loading both the training and test splits into Facets Overview, you can instantly compare feature distributions and summary statistics.

– Class imbalance: The histogram for `intrusion_type` quickly reveals if certain classes (e.g., "DoS" attacks) vastly outnumber others (e.g., "U2R"). Imbalances of this sort can bias machine learning models, reducing their ability to detect rare but critical attack types.
– Feature distribution shifts: Comparing, for instance, the distribution of `src_bytes` between training and test sets unearths covariate shift. If the test set contains many more large payloads than the training set, the model may perform poorly upon deployment.
– Missing or anomalous values: Overview instantly highlights missing values or outliers in features such as `protocol_type`. Missing categorical values in critical columns could signal data corruption or incomplete logging.

By providing summary statistics—mean, median, standard deviation, min, max, and unique value counts—Facets Overview enables identification of data drift, systematic data collection issues, and erroneous entries, which are all precursors to poor model performance or security vulnerabilities.

Facets Deep Dive for Granular Inspection and Anomaly Detection

Facets Deep Dive complements Overview by enabling granular, row-level inspection and interactive feature analysis. This module is particularly useful for examining subsets of the data, suspicious records, or specific value combinations that may warrant further scrutiny.

*Example*: Continuing with the network traffic dataset, Deep Dive allows selection and filtering by feature values. This is advantageous in several scenarios:

– Investigating rare events: Filtering to display only records labeled as "U2R" attacks (User to Root) makes it easier to review the feature distributions and patterns specific to these rare but severe attack types.
– Correlation analysis: Examining how `flag` values correlate with specific attack types could reveal discriminatory features or unexpected dependencies.
– Outlier detection: Sorting rows by extreme values in `src_bytes` or identifying records where categorical features take unexpected values (e.g., a nonexistent protocol) can help surface poisoned or mislabeled data.

Deep Dive's interactivity encourages hypothesis-driven investigation, allowing rapid iteration over filtering and sorting to isolate problematic records that warrant removal or further cleaning.

Detecting and Preventing Data Poisoning Attacks

Data poisoning in machine learning refers to the intentional manipulation of training data to compromise model integrity. In a cybersecurity context, adversaries may inject misleading records into a network traffic dataset, aiming to cause misclassification (e.g., labeling attack traffic as benign or vice versa).

*Detection via Facets Overview*:

– Distributional anomalies: Poisoned data often manifests as unusual spikes or shifts in feature distributions. For example, if attackers inject a large number of records with legitimate feature values but incorrect labels, the histogram for the `intrusion_type` label may show an unexpected increase in "normal" samples with otherwise attack-like feature characteristics.
– Inconsistent feature relationships: Attackers may create records with inconsistent value combinations (e.g., a rare protocol with an unusually high payload size labeled as benign). Overview helps spot such anomalies at the aggregate level.

*Detection via Facets Deep Dive*:

– Record-level inspection: Deep Dive makes it feasible to filter and examine records with unlikely or previously unseen feature combinations. If manual inspection or domain knowledge suggests that certain combinations should not occur, their presence may indicate poisoning.
– Temporal or source-based filtering: If the poisoning attack is time-based or source IP-based, filtering records by timestamp or IP address can reveal suspicious clusters (e.g., a sudden influx of records from a single source with improbable labels).

*Prevention and Mitigation Strategies*:

– Routine auditing: Regularly visualizing incoming data (prior to model training) using both Overview and Deep Dive supports ongoing dataset hygiene. Recurrent inspection improves the likelihood of early detection of poisoning attempts.
– Automated checks informed by visual exploration: Insights gained from Facets visualizations can inform the development of automated anomaly detection scripts that monitor for the same unusual patterns highlighted visually.
– Feature selection and robustness testing: Understanding which features are most susceptible to manipulation (as revealed in Deep Dive, where certain features are disproportionately involved in suspicious records) can guide feature engineering efforts. Features found to be easily manipulated may be excluded, or models can be made more robust through adversarial training.

Didactic Value of Facets in Network Traffic Analysis

Facets serves as a bridge between raw tabular data and actionable insight, particularly in cybersecurity applications where stakes are high and data quality is paramount. Its didactic value lies in several domains:

1. Transparency: By visualizing the entire dataset, practitioners gain an intuitive, immediate understanding of data composition, distribution, and quality. This transparency is vital for trust in security applications, where auditability is often mandated by regulation or best practice.

2. Efficiency: Facets accelerates the data auditing process by allowing practitioners to move quickly from high-level “big picture” (via Overview) to detailed, row-level investigations (via Deep Dive), reducing the likelihood that critical issues go unnoticed prior to model deployment.

3. Interactivity: The ability to interactively explore, filter, and sort data fosters hypothesis-driven analysis. For example, a security analyst can iteratively refine filters to zoom in on time periods, network segments, or unusual feature combinations, thereby uncovering subtle anomalies or artifacts.

4. Data Integrity Safeguards: Frequent use of Facets as a quality control step enables teams to catch and address data issues early in the pipeline. This is especially important where adversarial manipulation is possible, as in open or partially trusted network environments.

5. Educational Use: Facets also functions as an educational tool for both novice and experienced practitioners, illustrating the importance of data quality, class balance, and anomaly detection in practical, visual terms.

Practical Use Case Illustration

Suppose a cybersecurity team is developing an intrusion detection system using a labeled dataset of network flows. Initial inspection in Facets Overview reveals that the “normal” class constitutes 95% of the data, with rare classes such as “U2R” and “R2L” making up less than 1%. Simultaneously, the `protocol_type` feature shows that certain protocols are absent from the training set but present in the test set—an indication of covariate shift that could lead to poor detection rates for new attack vectors.

Moving to Facets Deep Dive, the team filters the data to show only rare attack types, discovering that many have missing values in key features or identical feature values repeated across many records—potential signs of synthetic data injection (a potential poisoning attempt). By sorting records with unlikely feature combinations or by time period, the team identifies a batch of suspicious records inserted during a specific hour, all labeled as “normal” but exhibiting characteristics typical of known attacks.

Armed with this insight, the team can:

– Remove or further investigate suspect records,
– Adjust sampling or model training methods to account for extreme class imbalance,
– Implement monitoring to flag similar anomalies in future data ingests,
– Document findings for regulatory compliance or incident response.

Integration with Broader ML Pipelines

Facets is particularly effective when integrated as a standard step in the machine learning pipeline:

– Preprocessing phase: Use Facets Overview to compare incoming data batches with historical data, ensuring consistency and surfacing anomalies before model retraining.
– Post-cleaning validation: After cleaning or augmentation, use Deep Dive to sample and inspect the remaining data, ensuring no poisoned or anomalous records persist.
– Model evaluation: Examine misclassified records in Deep Dive to identify whether errors are due to data artifacts, class imbalance, or sophisticated attacks missed during data collection.

By leveraging these capabilities, practitioners can substantially improve data integrity, model robustness, and the trustworthiness of machine learning systems deployed in security-sensitive environments like network intrusion detection.

Other recent questions and answers regarding Visualizing data with Facets:

  • If you are preparing a machine learning pipeline in Python, how would you integrate Facets Overview and Facets Deep Dive into your workflow to detect class imbalances and outliers before training a model with TensorFlow?
  • How can Facets help in identifying imbalanced datasets?
  • How can you load your dataset into Facets?
  • What can you do with Facets Deep Dive?
  • How does Facets Overview help in understanding the dataset?
  • What are the two main components of the Facets tool?

More questions and answers:

  • Field: Artificial Intelligence
  • Programme: EITC/AI/GCML Google Cloud Machine Learning (go to the certification programme)
  • Lesson: Google tools for Machine Learning (go to related lesson)
  • Topic: Visualizing data with Facets (go to related topic)
Tagged under: Artificial Intelligence, Class Imbalance, Cybersecurity, Data Poisoning Prevention, Data Visualization, Dataset Auditing
Home » Artificial Intelligence » EITC/AI/GCML Google Cloud Machine Learning » Google tools for Machine Learning » Visualizing data with Facets » » How would you use Facets Overview and Deep Dive to audit a network traffic dataset, detect critical imbalances, and prevent data poisoning attacks in an AI pipeline applied to cybersecurity?

Certification Center

USER MENU

  • My Account

CERTIFICATE CATEGORY

  • EITC Certification (105)
  • EITCA Certification (9)

What are you looking for?

  • Introduction
  • How it works?
  • EITCA Academies
  • EITCI DSJC Subsidy
  • Full EITC catalogue
  • Your order
  • Featured
  •   IT ID
  • EITCA reviews (Medium publ.)
  • About
  • Contact

EITCA Academy is a part of the European IT Certification framework

The European IT Certification framework has been established in 2008 as a Europe based and vendor independent standard in widely accessible online certification of digital skills and competencies in many areas of professional digital specializations. The EITC framework is governed by the European IT Certification Institute (EITCI), a non-profit certification authority supporting information society growth and bridging the digital skills gap in the EU.
Eligibility for EITCA Academy 90% EITCI DSJC Subsidy support
90% of EITCA Academy fees subsidized in enrolment

    EITCA Academy Secretary Office

    European IT Certification Institute ASBL
    Brussels, Belgium, European Union

    EITC / EITCA Certification Framework Operator
    Governing European IT Certification Standard
    Access contact form or call +32 25887351

    Follow EITCI on X
    Visit EITCA Academy on Facebook
    Engage with EITCA Academy on LinkedIn
    Check out EITCI and EITCA videos on YouTube

    Funded by the European Union

    Funded by the European Regional Development Fund (ERDF) and the European Social Fund (ESF) in series of projects since 2007, currently governed by the European IT Certification Institute (EITCI) since 2008

    Information Security Policy | DSRRM and GDPR Policy | Data Protection Policy | Record of Processing Activities | HSE Policy | Anti-Corruption Policy | Modern Slavery Policy

    Automatically translate to your language

    Terms and Conditions | Privacy Policy
    EITCA Academy
    • EITCA Academy on social media
    EITCA Academy


    © 2008-2026  European IT Certification Institute
    Brussels, Belgium, European Union

    TOP

    We care about your privacy

    EITCI uses cookies and similar technologies to keep this site secure, remember your choices, provide personalized experience, measure the traffic, serve more relevant content and certification programmes. You can accept all cookies or customize your preferences. Cookies are variables used to store website specific information on your device to facilitate processing of data for personalized website visit, such as login to your account, accessing the programmes, placing enrolment orders in chosen programmes and improving your EITC certification journey. You can change or withdraw your consent at any time by clicking the Consent Preferences button at the left-bottom of your screen. We respect your choices and are committed to providing you with a transparent and secure browsing experience, which may be limited when cookies aren't accepted. For more details refer to the Privacy Policy
    Customize Consent Preferences
    We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.
    The cookies categorized as Necessary are stored on your browser as they are essential for enabling the basic functionalities of the site.
    To learn more about how Google processes personal information, visit: Google privacy policy

    Necessary

    Always Active

    Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

    Functional

    Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

    Preferences

    Stores personalization choices such as interface preferences.

    External media and social features

    Allows embedded video, social, chat, and external interactive services that may set their own cookies. Keep off until the user chooses these features.

    Analytics

    Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

    Marketing and conversions

    Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.

    CHAT WITH SUPPORT
    Do you have any questions?
    Attach files with the paperclip or paste screenshots into the message box (Ctrl+V). Max 5 file(s), 10 MB each.
    We will reply here and by email. Your conversation is tracked with a support token.