Abstract
We present Backhoe, a tool for browsing packet traces and other event logs that makes it easy to spot “statistical novelties” in the traffic, i.e. changes in the shape of the frequency distributions of feature values and in the mutual relationships between pairs of features. Our visualization uses feature entropy and mutual information displays either as the top-level summary of the dataset or alongside the data. The tool makes it easy to switch between absolute and conditional metrics and to observe their variations at a glance. We have successfully used Backhoe to analyze proprietary protocols.
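The quantities the abstract names (per-feature entropy, pairwise mutual information, and a conditional counterpart) are easy to compute over a window of log records, which is the view Backhoe summarizes. The block below is an added example in that spirit and is not the paper's own code, which is not reproduced on this page. The record fields (`src`, `dst_port`, `proto`), the two constructed windows, and the choice of conditional entropy H(X|Y) as the "conditional" metric are assumptions made for the illustration; it compares a baseline window against a window in which one host probes many ports and reports which metrics moved.

```python
"""Entropy / mutual-information summaries of event-log windows.

Added example in the spirit of the Backhoe abstract; not the paper's code.
The records, field names and the choice of H(X|Y) as the "conditional"
metric are assumptions made for this illustration.
"""
from collections import Counter
from itertools import combinations
import math

FEATURES = ("src", "dst_port", "proto")  # assumed feature names

# Constructed baseline window: two clients, four services, protocol fully
# determined by port (53/udp, everything else tcp).
BASELINE = [
    {"src": s, "dst_port": p, "proto": "udp" if p == 53 else "tcp"}
    for p in (80, 443, 22, 53)
    for s in ("10.0.0.5", "10.0.0.7")
]

# Constructed "novelty" window: one host probing eight distinct TCP ports.
SCAN = [
    {"src": "10.0.0.9", "dst_port": p, "proto": "tcp"}
    for p in (21, 22, 23, 25, 80, 110, 139, 443)
]


def entropy(values):
    """Shannon entropy H(X) in bits of the empirical distribution of values."""
    n = len(values)
    return -sum((c / n) * math.log2(c / n) for c in Counter(values).values())


def mutual_information(xs, ys):
    """I(X;Y) = H(X) + H(Y) - H(X,Y); zero iff X and Y are independent."""
    return entropy(xs) + entropy(ys) - entropy(list(zip(xs, ys)))


def conditional_entropy(xs, ys):
    """H(X|Y) = H(X,Y) - H(Y): residual uncertainty in X once Y is known."""
    return entropy(list(zip(xs, ys))) - entropy(ys)


def summarize(records, features=FEATURES):
    """Per-feature entropy, pairwise MI and both conditional entropies of a window."""
    cols = {f: [r[f] for r in records] for f in features}
    summary = {"H": {}, "I": {}, "H_cond": {}}
    for f in features:
        summary["H"][f] = entropy(cols[f])
    for f, g in combinations(features, 2):
        summary["I"][(f, g)] = mutual_information(cols[f], cols[g])
        summary["H_cond"][(f, g)] = conditional_entropy(cols[f], cols[g])  # H(f|g)
        summary["H_cond"][(g, f)] = conditional_entropy(cols[g], cols[f])  # H(g|f)
    return summary


def novelty_deltas(base, cur):
    """Signed change (cur - base) of every metric; a large |delta| marks a novelty."""
    return {
        kind: {k: cur[kind][k] - base[kind][k] for k in base[kind]}
        for kind in ("H", "I", "H_cond")
    }


if __name__ == "__main__":
    base, scan = summarize(BASELINE), summarize(SCAN)
    for kind, deltas in novelty_deltas(base, scan).items():
        for key, d in deltas.items():
            if abs(d) > 0.5:
                print(f"{kind}{key}: {base[kind][key]:.3f} -> {scan[kind][key]:.3f}")
```

In the baseline window the protocol is a function of the port, so I(dst_port; proto) equals H(proto) and H(proto | dst_port) is zero; in the scan window the port entropy rises to its maximum for eight records while the source and protocol entropies collapse to zero, and the port/protocol dependence disappears. Two caveats a practitioner would want: the conditional view is the same information rearranged, since I(X;Y) = H(Y) - H(Y|X), so it is a different lens rather than a different signal; and empirical entropy over a small window is biased downward relative to the true distribution, so deltas between windows of very different sizes should be compared with care.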
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Bratus, S., Hansen, A., Pellacini, F., Shubina, A. (2008). Backhoe, a Packet Trace and Log Browser. In: Goodall, J.R., Conti, G., Ma, KL. (eds) Visualization for Computer Security. VizSec 2008. Lecture Notes in Computer Science, vol 5210. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-85933-8_15
DOI: https://doi.org/10.1007/978-3-540-85933-8_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-85931-4
Online ISBN: 978-3-540-85933-8