Neural projection techniques for the visual inspection of network traffic

Álvaro Herrero, Emilio Corchado, Paolo Gastaldo, Rodolfo Zunino
2009 Neurocomputing  
A crucial aspect in network monitoring for security purposes is the visual inspection of the traffic pattern, mainly aimed to provide the network manager with a synthetic and intuitive representation of the current situation. Toward that end, neural projection techniques can map high-dimensional data into a low-dimensional space adaptively, for the user-friendly visualization of monitored network traffic. This work proposes two projection methods, namely, Cooperative Maximum Likelihood Hebbian
more » ... earning and Auto-Associative Back-Propagation networks, for the visual inspection of network traffic. This set of methods may be seen as a complementary tool in network security as it allows the visual inspection and comprehension of the traffic data internal structure. The proposed methods have been evaluated in two complementary and practical networksecurity scenarios: the on-line processing of network traffic at packet level, and the offline processing of connection records, e.g. for post-mortem analysis or batch investigation. The empirical verification of the projection methods involved two experimental domains derived from the standard corpora for evaluation of computer network intrusion detection: the MIT Lincoln Laboratory DARPA dataset. 1.
doi:10.1016/j.neucom.2008.12.038 fatcat:vi55fw5osrawhi3ijw3zswosga