Enhancing Visual Analysis of Network Traffic Using Knowledge Representation

 

Ling Xiao

Stanford University

John Gerth

Stanford University

Pat Hanrahan

Stanford University

 

Submitted to VAST 2006

 

Abstract

 

The last decade has seen a rapid growth in both the volume and variety of network traffic, while at the same time, the need to analyze the traffic for quality of service, security, and misuse has become increasingly important. In this paper, we will present a traffic analysis system that couples visual analysis with a declarative knowledge representation based on first order logic. Our system supports multiple iterations of the sense-making loop of analytic reasoning, by allowing users to save their discoveries as they are found and to reuse them in future iterations. We will show how the knowledge base can be used to improve both the visual representations and the basic analytical tasks of filtering and changing level of detail. More fundamentally, the knowledge representation can be used to classify the traffic. We will present the results of applying the system to successfully classify 80% of network traffic from one day in our laboratory.

 

 

 

Paper

Adobe Acrobat PDF