User-centered anomaly detection in network data
Identifying anomalies in network traffic logs is a very challenging task for a network analyst. With the ever-increasing number of devices that can be connected to the network, the need to detect anomalies is at its peak. The usual techniques for detecting such anomalies are visual analysis of network data and automated detection algorithms. Both techniques have major drawbacks: visual analysis requires a high level of expertise from the analyst, and automated detection algorithms produce high rates of false alarms. In this work, both techniques are combined to improve detection and reduce the analyst's workload. The visual interface gives the network administrator the power to edit the predictions made by the algorithms. The feedback from the network administrator is used by the algorithms to improve the performance of the detector and to reduce false alarms. The system is tested and evaluated on a publicly available dataset, and the evaluation shows that it achieves competitive performance.
Darmstadt, TU, Master Thesis, 2018