We present Backhoe, a tool for browsing packet trace or other event logs that makes it easy to spot "statistical novelties" in the traffic, i.e., changes in the character of frequency distributions of feature values and in mutual relationships between pairs of features. Our visualization uses feature entropy and mutual information displays as either the top-level summary of the dataset or alongside the data. Our tool makes it easy to switch between absolute and conditional metrics and to observe their variations at a glance. We successfully used Backhoe for analysis of proprietary protocols.
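The metrics named in the abstract can be computed per window of events with the standard Shannon definitions. The sketch below is an added example, not Backhoe's code: the field names (`src`, `dport`), the window size, the change threshold and the sample events are all constructed assumptions.

```python
import math
from collections import Counter

def entropy(values):
    """Shannon entropy (bits) of the empirical distribution of values."""
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in Counter(values).values())

def mutual_information(xs, ys):
    """I(X;Y) = H(X) + H(Y) - H(X,Y), estimated from paired observations."""
    return entropy(xs) + entropy(ys) - entropy(list(zip(xs, ys)))

def conditional_entropy(xs, ys):
    """H(X|Y) = H(X,Y) - H(Y): uncertainty left in X once Y is known."""
    return entropy(list(zip(xs, ys))) - entropy(ys)

def window_metrics(events, fx, fy, size):
    """Per-window (H(fx), H(fx|fy), I(fx;fy)) over fixed-size event windows."""
    rows = []
    for start in range(0, len(events) - size + 1, size):
        win = events[start:start + size]
        xs = [e[fx] for e in win]
        ys = [e[fy] for e in win]
        rows.append((entropy(xs),
                     conditional_entropy(xs, ys),
                     mutual_information(xs, ys)))
    return rows

def novelties(rows, threshold):
    """Indices of windows where any metric moved more than threshold bits
    relative to the previous window (threshold is an assumed tuning knob)."""
    return [i for i in range(1, len(rows))
            if any(abs(a - b) > threshold
                   for a, b in zip(rows[i], rows[i - 1]))]

# Constructed sample events, not taken from any real trace.
# Window 1: two sources, each tied to one port (port is predictable from source).
BASELINE = [{"src": s, "dport": p}
            for s, p in [("a", 80), ("b", 443)] * 4]
# Window 2: one source, eight distinct ports (source says nothing about port).
SHIFTED = [{"src": "c", "dport": p} for p in range(1000, 1008)]

if __name__ == "__main__":
    rows = window_metrics(BASELINE + SHIFTED, "dport", "src", 8)
    for i, (h, h_cond, mi) in enumerate(rows):
        print(f"window {i}: H(dport)={h:.2f} H(dport|src)={h_cond:.2f} "
              f"I(dport;src)={mi:.2f}")
    print("novel windows:", novelties(rows, 0.5))
```

Comparing the absolute metric H(dport) with the conditional metric H(dport|src) separates a change in the port distribution itself from a change in how ports relate to sources.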