PortVis: A tool for port-based detection of security events

Jonathan McPherson, Kwan-Liu Ma, Paul Krystosk, Tony Bartoletti, Marvin Christensen

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

142 Scopus citations

Abstract

Most visualizations of security-related network data require large amounts of finely detailed, high-dimensional data. However, in some cases, the data available can only be coarsely detailed because of security concerns or other limitations. How can interesting security events still be discovered in data that lacks important details, such as IP addresses, network security alarms, and labels? In this paper, we discuss a system we have designed that takes very coarsely detailed data (basic, summarized information of the activity on each TCP port during each given hour) and uses visualization to help uncover interesting security events.

Original language: English (US)
Title of host publication: VizSEC/DMSEC '04
Subtitle of host publication: Proceedings of the 2004 ACM Workshop on Visualization and Data Mining for Computer Security
Pages: 73-81
Number of pages: 9
State: Published - Dec 1 2004
Event: VizSEC/DMSEC '04: Proceedings of the 2004 ACM Workshop on Visualization and Data Mining for Computer Security - Washington, DC, United States
Duration: Oct 29 2004 → Oct 29 2004

Other

Other: VizSEC/DMSEC '04: Proceedings of the 2004 ACM Workshop on Visualization and Data Mining for Computer Security
Country: United States
City: Washington, DC
Period: 10/29/04 → 10/29/04

Keywords

  • Information visualization
  • Network security
  • User interfaces

ASJC Scopus subject areas

  • Engineering (all)

Cite this

McPherson, J., Ma, K-L., Krystosk, P., Bartoletti, T., & Christensen, M. (2004). PortVis: A tool for port-based detection of security events. In VizSEC/DMSEC '04: Proceedings of the 2004 ACM Workshop on Visualization and Data Mining for Computer Security (pp. 73-81).