Abstract
Network intrusion attempts often begin with either a network scan, where a connection is attempted to every possible destination in a network, or a port scan, where a connection is attempted to each port on a given destination. Being able to detect such scans can help identify a more dangerous threat to a network. Several techniques exist to detect scans automatically, but most of them depend on some threshold that an attacker could avoid crossing. This paper presents a means to use visualization to detect scans interactively.
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Muelder, C., Ma, KL., Bartoletti, T. (2006). Interactive Visualization for Network and Port Scan Detection. In: Valdes, A., Zamboni, D. (eds) Recent Advances in Intrusion Detection. RAID 2005. Lecture Notes in Computer Science, vol 3858. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11663812_14
DOI: https://doi.org/10.1007/11663812_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-31778-4
Online ISBN: 978-3-540-31779-1
eBook Packages: Computer Science, Computer Science (R0)