SNAPS : semantic network traffic analysis through projection and selection

Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

21 Citations (Scopus)
2 Downloads (Pure)


Most network traffic analysis applications are designed to discover malicious activity by only relying on high-level flow-based message properties. However, to detect security breaches that are specifically designed to target one network (e.g., Advanced Persistent Threats), deep packet inspection and anomaly detection are indispensible. In this paper, we focus on how we can support experts in discovering whether anomalies at message level imply a security risk at network level. In SNAPS (Semantic Network traffic Analysis through Projection and Selection), we provide a bottom-up pixel-oriented approach for network traffic analysis where the expert starts with low-level anomalies and iteratively gains insight in higher level events through the creation of multiple selections of interest in parallel. The tight integration between visualization and machine learning enables the expert to iteratively refine anomaly scores, making the approach suitable for both post-traffic analysis and online monitoring tasks. To illustrate the effectiveness of this approach, we present example explorations on two real-world data sets for the detection and understanding of potential Advanced Persistent Threats in progress.
Original languageEnglish
Title of host publication2015 IEEE Symposium on Visualization for Cyber Security (VizSec), 25 October 2015, Chicago, Illinois
EditorsL. Harrison, N. Prigent, S. Engle, D. Best, J. Goodall
Place of PublicationPiscataway
PublisherInstitute of Electrical and Electronics Engineers
Number of pages8
ISBN (Electronic) 978-1-4673-7599-3
ISBN (Print)978-1-4673-7600-6
Publication statusPublished - 25 Oct 2015


Dive into the research topics of 'SNAPS : semantic network traffic analysis through projection and selection'. Together they form a unique fingerprint.

Cite this