Interactive visualization for network and port scan detection

Chris Muelder, Kwan-Liu Ma, Tony Bartoletti

Research output: Chapter in Book/Report/Conference proceedingConference contribution

29 Citations (Scopus)

Abstract

Many times, network intrusion attempts begin with either a network scan, where a connection is attempted to every possible destination in a network, or a port scan, where a connection is attempted to each port on a given destination. Being able to detect such scans can help identify a more dangerous threat to a network, Several techniques exist to automatically detect scans, but these are mostly dependant on some threshold that an attacker could possibly avoid crossing. This paper presents a means to use visualization to detect scans interactively.

Original languageEnglish (US)
Title of host publicationRecent Advances in Intrusion Detection - 8th International Symposium, RAID 2005, Revised Papers
Pages265-283
Number of pages19
DOIs
StatePublished - Jul 6 2006
Event8th International Symposium on Recent Advances in Intrusion Detection, RAID 2005 - Seattle, WA, United States
Duration: Sep 7 2005Sep 9 2005

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume3858 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Other

Other8th International Symposium on Recent Advances in Intrusion Detection, RAID 2005
CountryUnited States
CitySeattle, WA
Period9/7/059/9/05

Fingerprint

Visualization

Keywords

  • Information visualization
  • Intrusion detection
  • Network scans
  • Network security
  • Port scans
  • User interfaces

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)

Cite this

Muelder, C., Ma, K-L., & Bartoletti, T. (2006). Interactive visualization for network and port scan detection. In Recent Advances in Intrusion Detection - 8th International Symposium, RAID 2005, Revised Papers (pp. 265-283). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 3858 LNCS). https://doi.org/10.1007/11663812_14

Interactive visualization for network and port scan detection. / Muelder, Chris; Ma, Kwan-Liu; Bartoletti, Tony.

Recent Advances in Intrusion Detection - 8th International Symposium, RAID 2005, Revised Papers. 2006. p. 265-283 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 3858 LNCS).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Muelder, C, Ma, K-L & Bartoletti, T 2006, Interactive visualization for network and port scan detection. in Recent Advances in Intrusion Detection - 8th International Symposium, RAID 2005, Revised Papers. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 3858 LNCS, pp. 265-283, 8th International Symposium on Recent Advances in Intrusion Detection, RAID 2005, Seattle, WA, United States, 9/7/05. https://doi.org/10.1007/11663812_14
Muelder C, Ma K-L, Bartoletti T. Interactive visualization for network and port scan detection. In Recent Advances in Intrusion Detection - 8th International Symposium, RAID 2005, Revised Papers. 2006. p. 265-283. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). https://doi.org/10.1007/11663812_14
Muelder, Chris ; Ma, Kwan-Liu ; Bartoletti, Tony. / Interactive visualization for network and port scan detection. Recent Advances in Intrusion Detection - 8th International Symposium, RAID 2005, Revised Papers. 2006. pp. 265-283 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).
@inproceedings{62456405a7a8463da06992bece3540a3,
title = "Interactive visualization for network and port scan detection",
abstract = "Many times, network intrusion attempts begin with either a network scan, where a connection is attempted to every possible destination in a network, or a port scan, where a connection is attempted to each port on a given destination. Being able to detect such scans can help identify a more dangerous threat to a network, Several techniques exist to automatically detect scans, but these are mostly dependant on some threshold that an attacker could possibly avoid crossing. This paper presents a means to use visualization to detect scans interactively.",
keywords = "Information visualization, Intrusion detection, Network scans, Network security, Port scans, User interfaces",
author = "Chris Muelder and Kwan-Liu Ma and Tony Bartoletti",
year = "2006",
month = "7",
day = "6",
doi = "10.1007/11663812_14",
language = "English (US)",
isbn = "3540317783",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
pages = "265--283",
booktitle = "Recent Advances in Intrusion Detection - 8th International Symposium, RAID 2005, Revised Papers",

}

TY - GEN

T1 - Interactive visualization for network and port scan detection

AU - Muelder, Chris

AU - Ma, Kwan-Liu

AU - Bartoletti, Tony

PY - 2006/7/6

Y1 - 2006/7/6

N2 - Many times, network intrusion attempts begin with either a network scan, where a connection is attempted to every possible destination in a network, or a port scan, where a connection is attempted to each port on a given destination. Being able to detect such scans can help identify a more dangerous threat to a network, Several techniques exist to automatically detect scans, but these are mostly dependant on some threshold that an attacker could possibly avoid crossing. This paper presents a means to use visualization to detect scans interactively.

AB - Many times, network intrusion attempts begin with either a network scan, where a connection is attempted to every possible destination in a network, or a port scan, where a connection is attempted to each port on a given destination. Being able to detect such scans can help identify a more dangerous threat to a network, Several techniques exist to automatically detect scans, but these are mostly dependant on some threshold that an attacker could possibly avoid crossing. This paper presents a means to use visualization to detect scans interactively.

KW - Information visualization

KW - Intrusion detection

KW - Network scans

KW - Network security

KW - Port scans

KW - User interfaces

UR - http://www.scopus.com/inward/record.url?scp=33745653877&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=33745653877&partnerID=8YFLogxK

U2 - 10.1007/11663812_14

DO - 10.1007/11663812_14

M3 - Conference contribution

AN - SCOPUS:33745653877

SN - 3540317783

SN - 9783540317784

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 265

EP - 283

BT - Recent Advances in Intrusion Detection - 8th International Symposium, RAID 2005, Revised Papers

ER -