24 January 2011 A tri-linear visualization for network anomaly detection
This research discusses a novel application of ternary plots to the visualization of network traffic data. These plots prove to be enormously effective at identifying anomalous network activity and can be valuable in monitoring network activity much more efficiently than can be done with existing techniques. The visualization was implemented in our existing visualization infrastructure to reduce development time. Testing was performed on actual network traffic data collected from a local network. Multiple anomalies were easily identifiable within the data set without any prior knowledge as to the contents of the test file. This paper discusses the ternary plot and its application to network traffic data, the formulas needed to calculate and display ternary coordinates, and the basic architecture for the visualization implementation.
© (2011) COPYRIGHT Society of Photo-Optical Instrumentation Engineers (SPIE). Downloading of the abstract is permitted for personal use only.
Robert B. Whitaker, Robert F. Erbacher, "A tri-linear visualization for network anomaly detection", Proc. SPIE 7868, Visualization and Data Analysis 2011, 78680P (24 January 2011); doi: 10.1117/12.872697; https://doi.org/10.1117/12.872697
