Interactive visualization for network and port scan detection

Chris Muelder; Kwan-Liu Ma; Tony Bartoletti

doi:10.1007/11663812_14

Interactive visualization for network and port scan detection

Chris Muelder, Kwan-Liu Ma, Tony Bartoletti

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

30 Scopus citations

Abstract

Many times, network intrusion attempts begin with either a network scan, where a connection is attempted to every possible destination in a network, or a port scan, where a connection is attempted to each port on a given destination. Being able to detect such scans can help identify a more dangerous threat to a network, Several techniques exist to automatically detect scans, but these are mostly dependant on some threshold that an attacker could possibly avoid crossing. This paper presents a means to use visualization to detect scans interactively.

Original language	English (US)
Title of host publication	Recent Advances in Intrusion Detection - 8th International Symposium, RAID 2005, Revised Papers
Pages	265-283
Number of pages	19
DOIs	https://doi.org/10.1007/11663812_14
Publication status	Published - Jul 6 2006
Event	8th International Symposium on Recent Advances in Intrusion Detection, RAID 2005 - Seattle, WA, United States Duration: Sep 7 2005 → Sep 9 2005

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	3858 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Other

Other	8th International Symposium on Recent Advances in Intrusion Detection, RAID 2005
Country	United States
City	Seattle, WA
Period	9/7/05 → 9/9/05

Fingerprint

Keywords

Information visualization
Intrusion detection
Network scans
Network security
Port scans
User interfaces

ASJC Scopus subject areas

Theoretical Computer Science
Computer Science(all)

Cite this

Muelder, C., Ma, K-L., & Bartoletti, T. (2006). Interactive visualization for network and port scan detection. In Recent Advances in Intrusion Detection - 8th International Symposium, RAID 2005, Revised Papers (pp. 265-283). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 3858 LNCS). https://doi.org/10.1007/11663812_14

Interactive visualization for network and port scan detection. / Muelder, Chris; Ma, Kwan-Liu; Bartoletti, Tony.

Recent Advances in Intrusion Detection - 8th International Symposium, RAID 2005, Revised Papers. 2006. p. 265-283 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 3858 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Muelder, C, Ma, K-L & Bartoletti, T 2006, Interactive visualization for network and port scan detection. in Recent Advances in Intrusion Detection - 8th International Symposium, RAID 2005, Revised Papers. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 3858 LNCS, pp. 265-283, 8th International Symposium on Recent Advances in Intrusion Detection, RAID 2005, Seattle, WA, United States, 9/7/05. https://doi.org/10.1007/11663812_14

Muelder C, Ma K-L, Bartoletti T. Interactive visualization for network and port scan detection. In Recent Advances in Intrusion Detection - 8th International Symposium, RAID 2005, Revised Papers. 2006. p. 265-283. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). https://doi.org/10.1007/11663812_14

@inproceedings{62456405a7a8463da06992bece3540a3,

title = "Interactive visualization for network and port scan detection",

abstract = "Many times, network intrusion attempts begin with either a network scan, where a connection is attempted to every possible destination in a network, or a port scan, where a connection is attempted to each port on a given destination. Being able to detect such scans can help identify a more dangerous threat to a network, Several techniques exist to automatically detect scans, but these are mostly dependant on some threshold that an attacker could possibly avoid crossing. This paper presents a means to use visualization to detect scans interactively.",

keywords = "Information visualization, Intrusion detection, Network scans, Network security, Port scans, User interfaces",

author = "Chris Muelder and Kwan-Liu Ma and Tony Bartoletti",

year = "2006",

month = "7",

day = "6",

doi = "10.1007/11663812_14",

language = "English (US)",

isbn = "3540317783",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

pages = "265--283",

booktitle = "Recent Advances in Intrusion Detection - 8th International Symposium, RAID 2005, Revised Papers",

note = "8th International Symposium on Recent Advances in Intrusion Detection, RAID 2005 ; Conference date: 07-09-2005 Through 09-09-2005",

}

TY - GEN

T1 - Interactive visualization for network and port scan detection

AU - Muelder, Chris

AU - Ma, Kwan-Liu

AU - Bartoletti, Tony

PY - 2006/7/6

Y1 - 2006/7/6

N2 - Many times, network intrusion attempts begin with either a network scan, where a connection is attempted to every possible destination in a network, or a port scan, where a connection is attempted to each port on a given destination. Being able to detect such scans can help identify a more dangerous threat to a network, Several techniques exist to automatically detect scans, but these are mostly dependant on some threshold that an attacker could possibly avoid crossing. This paper presents a means to use visualization to detect scans interactively.

AB - Many times, network intrusion attempts begin with either a network scan, where a connection is attempted to every possible destination in a network, or a port scan, where a connection is attempted to each port on a given destination. Being able to detect such scans can help identify a more dangerous threat to a network, Several techniques exist to automatically detect scans, but these are mostly dependant on some threshold that an attacker could possibly avoid crossing. This paper presents a means to use visualization to detect scans interactively.

KW - Information visualization

KW - Intrusion detection

KW - Network scans

KW - Network security

KW - Port scans

KW - User interfaces

UR - http://www.scopus.com/inward/record.url?scp=33745653877&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=33745653877&partnerID=8YFLogxK

U2 - 10.1007/11663812_14

DO - 10.1007/11663812_14

M3 - Conference contribution

AN - SCOPUS:33745653877

SN - 3540317783

SN - 9783540317784

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 265

EP - 283

BT - Recent Advances in Intrusion Detection - 8th International Symposium, RAID 2005, Revised Papers

T2 - 8th International Symposium on Recent Advances in Intrusion Detection, RAID 2005

Y2 - 7 September 2005 through 9 September 2005

ER -

Access to Document

10.1007/11663812_14