- Category: IBM Journal of Research and Development
- By MTech Projects
ENTVis: A Visual Analytic Tool for Entropy-Based Network Traffic Anomaly Detection
ABSTRACT:
Entropy-based traffic metrics have received substantial attention in network traffic anomaly detection because entropy can provide fine-grained metrics of traffic distribution characteristics. However, some practical issues, such as ambiguity, lack of detailed distribution information, and a large number of false positives, affect the application of entropy-based traffic anomaly detection. In this work, we introduce a visual analytic tool called ENTVis to help users understand entropy-based traffic metrics and achieve accurate traffic anomaly detection. ENTVis provides three coordinated views and rich interactions to support a coherent visual analysis from multiple perspectives: the timeline cluster view for perceiving situations and finding hints of anomalies, the Radviz view for clustering similar anomalies in a period, and the matrix view for understanding traffic distributions and diagnosing anomalies in detail. Many case studies have been performed to verify the usability and effectiveness of our method. A further evaluation was conducted via expert review.


