Open Access
Visualization of Anomalies using Graph-Based Anomaly Detection
Author(s) -
Ramesh Paudel,
Lauren Tharp,
Dulce Kaiser,
William Eberle,
Gerald C. Gannod
Publication year - 2021
Publication title -
proceedings of the ... international florida artificial intelligence research society conference
Language(s) - English
Resource type - Journals
eISSN - 2334-0762
pISSN - 2334-0754
DOI - 10.32473/flairs.v34i1.128554
Subject(s) - anomaly detection , computer science , false positive paradox , data mining , visualization , context (archaeology) , network security , protocol (science) , graph , anomaly (physics) , artificial intelligence , theoretical computer science , computer security , medicine , paleontology , physics , alternative medicine , pathology , biology , condensed matter physics
Network protocol analyzers such as Wireshark are valuable for analyzing network traffic but pose a challenge in that it can be difficult to determine which behaviors are out of the ordinary due to the volume of data that must be analyzed. Network anomaly detection systems can provide vital insights to security analysts to supplement protocol analyzers, but this feedback can be difficult to interpret due to the complexity of the algorithms used and the lack of context to determine the reasoning for which an event was labeled as anomalous. We present an approach for visualizing anomalies using a graph-based anomaly detection methodology that aims to provide visual context to network traffic. We demonstrate the approach using network traffic flows as an approach for aiding in the investigation and triage of anomalous network events. The simplicity of a visual representation supports fast analysis of anomalous traffic to identify true positives from false positives and prevent further potential damage.
