A study of analyzing network traffic as images in real-time Conference Paper uri icon

abstract

  • This paper presents NetViewer, a network measurement approach that can simultaneously detect, identify and visualize attacks and anomalous traffic in real-time by passively monitoring packet headers. We propose to represent samples of network packet header data as frames or images. With such a formulation, a series of samples can be seen as a sequence of frames or video. This enables techniques from image processing and video compression to be applied to the packet header data to reveal interesting properties of traffic. We show that "scene change analysis" can reveal sudden changes in traffic behavior or anomalies. We also show that "motion prediction" techniques can be employed to understand the patterns of some of the attacks. We show that it may be feasible to represent multiple pieces of data as different colors of an image enabling a uniform treatment of multidimensional packet header data. We compare NetViewer with classical detection theory based Neyman-Pearson test and an IDS tool. 2005 IEEE.

name of conference

  • Proceedings IEEE 24th Annual Joint Conference of the IEEE Computer and Communications Societies.

published proceedings

  • IEEE INFOCOM 2005: THE CONFERENCE ON COMPUTER COMMUNICATIONS, VOLS 1-4, PROCEEDINGS

author list (cited authors)

  • Kim, S. S., & Reddy, A.

citation count

  • 28

complete list of authors

  • Kim, SS||Reddy, ALN

publication date

  • January 2005