VISUALIZING NETWORK TRAFFIC AS IMAGES FOR NETWORK ANOMALY DETECTION

Abstract

This paper presents novel methodology to visualize network traffic. In this paper, method of transforming network packet header data to image is proposed. Methodology to detect anomalies from these images is also projected. This method can be used for real time anomaly detection and intrusion detection. Images can be processed in a number of ways to extract information from it. This formulation enables techniques from image processing to be applied to the analysis of packet header data to reveal interesting properties of traffic. Network anomaly detection systems can also take help from these processes. This method can detect anomalies in an efficient manner and can be used as the basis of number of new anomaly detection methods. Analysis of results of intrusion detection is also presented. This methodology is evaluated using MIT Lincoln Laboratory 1999 DARPA Off-Line Intrusion Detection Evaluation dataset. Our focus here is to develop an innovative technique for network packet header visualization that will highlight the features of the network data most vulnerable to intrusions. Our approach is compared against ALAD and PHAD techniques and results are reported.