Neural Projection Techniques for the Visual Inspection of Network Traffic
GASTALDO, PAOLO; ZUNINO, RODOLFO
2009-01-01
Abstract
A crucial aspect of network monitoring for security purposes is the visual inspection of traffic patterns, which mainly aims to provide the network manager with a synthetic and intuitive representation of the current situation. To that end, neural projection techniques can adaptively map high-dimensional data into a low-dimensional space for the user-friendly visualization of monitored network traffic. This work proposes two projection methods, namely cooperative maximum likelihood Hebbian learning and auto-associative back-propagation networks, for the visual inspection of network traffic. This set of methods may be seen as a complementary tool in network security, as it allows the visual inspection and comprehension of the internal structure of the traffic data. The proposed methods have been evaluated in two complementary and practical network-security scenarios: the on-line processing of network traffic at packet level, and the off-line processing of connection records, e.g. for post-mortem analysis or batch investigation. The empirical verification of the projection methods involved two experimental domains derived from the standard corpora for the evaluation of computer network intrusion detection: the MIT Lincoln Laboratory DARPA dataset.