A visualization methodology for characterization of network scans

Chris Muelder, Kwan-Liu Ma, Tony Bartoletti

Research output: Chapter in Book/Report/Conference proceedingConference contribution

41 Scopus citations


Many methods have been developed for monitoring network traffic, both using visualization and statistics. Most of these methods focus on the detection of suspicious or malicious activities. But what they often fail to do refine and exercise measures that contribute to the characterization of such activities and their sources, once they are detected. In particular, many tools exist that detect network scans or visualize them at a high level, but not very many tools exist that are capable of categorizing and analyzing network scans. This paper presents a means of facilitating the process of characterization by using visualization and statistics techniques to analyze the patterns found in the timing of network scans through a method of continuous improvement in measures that serve to separate the components of interest in the characterization so the user can control separately for the effects of attack tool employed, performance characteristics of the attack platform, and the effects of network routing in the arrival patterns of hostile probes. The end result is a system that allows large numbers of network scans to be rapidly compared and subsequently identified.

Original languageEnglish (US)
Title of host publicationIEEE Workshop on Visualization for Computer Security 2005, VizSEC 05, Proceedings
Number of pages10
StatePublished - Dec 1 2005
EventIEEE Workshop on Visualization for Computer Security 2005, VizSEC 05 - Minneapolis, MN, United States
Duration: Oct 26 2005Oct 26 2005


OtherIEEE Workshop on Visualization for Computer Security 2005, VizSEC 05
Country/TerritoryUnited States
CityMinneapolis, MN


  • Adversary characterization
  • Clustering
  • Cyber forensics
  • Graph visualization
  • Information visualization
  • Network scans
  • Scalograms
  • Security visualization
  • Wavelets

ASJC Scopus subject areas

  • Engineering(all)


Dive into the research topics of 'A visualization methodology for characterization of network scans'. Together they form a unique fingerprint.

Cite this