A visualization tool for exploring multi-scale network traffic anomalies

Author

Fontugne, Romain ; Hirotsu, Toshio ; Fukuda, Kensuke

Author_Institution

Grad. Univ. for Adv. Studies, Tokyo, Japan

Volume

41

fYear

2009

fDate

13-16 July 2009

Firstpage

274

Lastpage

281

Abstract

Visualization is an intuitive and powerful way of understanding the evolution of huge amounts of network traffic in terms of characterizing network anomalies. We propose an interactive tool to display, explore, and understand network traffic focusing on anomalies. It displays traffic on different temporal and spatial (address and port) scales and lets users navigate network data by using a simple interface. Different graphical representations are used to highlight anomalies quickly, and textual packet information about corresponding plotted points are provided. The proposed tool provides good support for understanding traffic behavior and for evaluating the effectiveness of anomaly detection method. The tool directly reads dump files and uses no intermediate database in daily operations. This paper demonstrates several examples emphasizing specific patterns for various anomalies.

Keywords

Internet; data visualisation; telecommunication traffic; Internet; graphical representations; multiscale network traffic anomalies; network data navigation; temporal-spatial scales; textual packet information; visualization tool; Displays; Informatics; Internet; Intrusion detection; Navigation; Remote monitoring; Scattering; Spine; Telecommunication traffic; Visualization;

fLanguage

English

Publisher

ieee

Conference_Titel

Performance Evaluation of Computer & Telecommunication Systems, 2009. SPECTS 2009. International Symposium on

Conference_Location

Istanbul

Print_ISBN

978-1-4244-4165-5

Electronic_ISBN

978-1-56555-328-6

Type

conf

Filename

5224112