We present Backhoe, a tool for browsing packet trace or other event logs that makes it easy to spot "statistical novelties" in the traffic, i.e. changes in the character of frequency distributions of feature values and in mutual relationships between pairs of features. Our visualization uses feature entropy and mutual information displays as either the top-level summary of the dataset or alongside the data. Our tool makes it easy to switch between absolute and conditional metrics, and observe their variations at a glance. We successfully used Backhoe for analysis of proprietary protocols.
展开▼
