ENTVis: A Visual Analytic Tool for Entropy-Based Network Traffic Anomaly Detection

Zhou Fangfang; Huang Wei; Zhao Ying; Shi Yang; Liang Xing; Fan Xiaoping

首页> 外文期刊>Computer Graphics and Applications, IEEE >ENTVis: A Visual Analytic Tool for Entropy-Based Network Traffic Anomaly Detection

【24h】

ENTVis: A Visual Analytic Tool for Entropy-Based Network Traffic Anomaly Detection

机译：ENTVis：用于基于熵的网络流量异常检测的可视化分析工具

获取原文

获取原文并翻译 | 示例

掌桥外文数据库（机构版） >>

开具论文收录证明 >>

文献代查 >>

页面导航

摘要
著录项
相似文献
相关主题

摘要

Entropy-based traffic metrics have received substantial attention in network traffic anomaly detection because entropy can provide fine-grained metrics of traffic distribution characteristics. However, some practical issues--such as ambiguity, lack of detailed distribution information, and a large number of false positives--affect the application of entropy-based traffic anomaly detection. In this work, we introduce a visual analytic tool called ENTVis to help users understand entropy-based traffic metrics and achieve accurate traffic anomaly detection. ENTVis provides three coordinated views and rich interactions to support a coherent visual analysis on multiple perspectives: the timeline group view for perceiving situations and finding hints of anomalies, the Radviz view for clustering similar anomalies in a period, and the matrix view for understanding traffic distributions and diagnosing anomalies in detail. Several case studies have been performed to verify the usability and effectiveness of our method. A further evaluation was conducted via expert review.

机译：基于熵的流量指标已在网络流量异常检测中引起了广泛关注，因为熵可以提供流量分布特征的细粒度指标。但是，一些实际问题（例如歧义，缺乏详细的分发信息以及大量误报）会影响基于熵的流量异常检测的应用。在这项工作中，我们引入了一个名为ENTVis的可视化分析工具，以帮助用户了解基于熵的流量指标并实现准确的流量异常检测。 ENTVis提供了三种协调的视图和丰富的交互性，以支持在多个角度上进行一致的可视化分析：用于感知情况和查找异常提示的时间轴组视图，用于在一段时间内对相似异常进行聚类的Radviz视图以及用于了解流量分布的矩阵视图并详细诊断异常。已经进行了几个案例研究，以验证我们方法的可用性和有效性。通过专家评审进行了进一步评估。

著录项

来源
《Computer Graphics and Applications, IEEE》 |2015年第6期|42-50|共9页
作者
Zhou Fangfang; Huang Wei; Zhao Ying; Shi Yang; Liang Xing; Fan Xiaoping;
展开▼
作者单位

Central South University, China;

展开▼
收录信息
原文格式 PDF
正文语种 eng
中图分类
关键词
anomaly detection; computer graphics; cybersecurity; entropy; visual analytics;

机译：异常检测;计算机图形学;网络安全;熵;视觉分析;

相似文献

外文文献
中文文献
专利

1. Anomaly Detection for Road Traffic: A Visual Analytics Framework [J] . Maria Riveiro, Mikael Lebram, Marcus Elmer IEEE Transactions on Intelligent Transportation Systems . 2017,第8期

机译：道路交通异常检测：视觉分析框架
2. Anomaly Detection for Road Traffic: A Visual Analytics Framework [J] . Riveiro Maria, Lebram Mikael, Elmer Marcus Journal of Turbulence . 2017,第8期

机译：道路交通的异常检测：视觉分析框架
3. Challenging Entropy-based Anomaly Detection and Diagnosis in Cellular Networks [J] . P. Fiadino, A. DAlconzo, M. Schiavone, Computer communication review . 2015,第4期

机译：蜂窝网络中具有挑战性的基于熵的异常检测和诊断
4. VISAD: an interactive and visual analytical tool for the detection of behavioral anomalies in maritime traffic data [C] . Maria Riveiro, Goeran Falkman, Tom Ziemke, Visual analytics for homeland defense and security . 2009

机译：VISAD：一种交互式视觉分析工具，用于检测海上交通数据中的行为异常
5. Network traffic characterization and network anomaly detection. [D] . Li, Lan. 2006

机译：网络流量表征和网络异常检测。
6. Benchmark-Based Reference Model for Evaluating Botnet Detection Tools Driven by Traffic-Flow Analytics [O] . Katherinne Shirley Huancayo Ramos, Marco Antonio Sotelo Monge, Jorge Maestre Vidal 2020

机译：基于基于基准的参考模型用于评估流量流量分析驱动的僵尸网络检测工具
7. A Trajectory Scoring Tool for Local Anomaly Detection in Maritime Traffic Using Visual Analytics [O] . Fernando H. O. Abreu, Amilcar Soares, Fernando V. Paulovich, 2021

机译：使用视觉分析的海洋流量中局部异常检测的轨迹评分工具

ENTVis: A Visual Analytic Tool for Entropy-Based Network Traffic Anomaly Detection

摘要

著录项

相似文献

相关主题

期刊订阅