software

Bayesvis is an intrusion detection system that visualises a naive bayesian classifier applied to http requests (or similar data). This enables the user to understand overtraining, undertraining and false alarms. The paper that describes Bayesvis goes into more detail about how this is done and how Bayesvis works, including more legible screenshots. It's incidentally the closest thing to a user manual there is.

To get a feel for Bayesvis there's a clearer screenshot and a video that goes through the example in the paper (the low refresh rate is an artefact of the capture process, Bayesvis updates are "instantaneous").

Bayesvis is getting long in the tooth and needs Fedora Core 1 or similar to run, so this page is mostly for reference. That said, Bayesvis is written in Python (tested with version 2.2.3) and in order to run it you also need wxPython (version 2.4.2.4). In order to do development Boa constructor is nice (as that's what was used to design the interface; version 0.2.8). If you want to be able to actually use it, then you also need Psyco the specialising Python compiler to speed it up. While Bayesvis should run on Windows in theory one of the widgets its using (the status bar) is unavailable on that platform so Linux is your best bet at this point. As wxPython etc are all available under Windows it shouldn't be too difficult to port.

Bayesvis is prototype software, while it (sort of) works it's lacking in polish. There are no safety interlocks against deleting all your work by doing 'new', 'load' etc. The user interface code is quite frankly crap (single threaded, and quite a few ugly hacks) and could use some work. As I'm finishing up my PhD thesis as I write this, don't hold your breath in anticipation of me getting around to that. It's released under the GPL though, so you're of course free to do whatever you like with it (within the bounds of the GPL of course).

That said, here's the download of version 0.5 as one big tar.gz.

I'm also releasing the data in the screenshot, if you want to try that for yourself.

Last edited 2004-04-24