PortVis: A tool for port-based detection of security events

Jonathan McPherson; Kwan-Liu Ma; Paul Krystosk; Tony Bartoletti; Marvin Christensen

PortVis: A tool for port-based detection of security events

Jonathan McPherson, Kwan-Liu Ma, Paul Krystosk, Tony Bartoletti, Marvin Christensen

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

146 Scopus citations

Abstract

Most visualizations of security-related network data require large amounts of finely detailed, high-dimensional data. However, in some cases, the data available can only be coarsely detailed because of security concerns or other limitations. How can interesting security events still be discovered in data that lacks important details, such as IP addresses, network security alarms, and labels? In this paper, we discuss a system we have designed that takes very coarsely detailed data-basic, summarized information of the activity on each TCP port during each given hour-and uses visualization to help uncover interesting security events.

Original language	English (US)
Title of host publication	VizSEC/DMSEC '04
Subtitle of host publication	Proceedings of the 2004 ACM Workshop on Visualization and Data Mining for Computer Security
Pages	73-81
Number of pages	9
State	Published - Dec 1 2004
Event	VizSEC/DMSEC '04: Proceedings of the 2004 ACM Workshop on Visualization and Data Mining for Computer Security - Washington, DC, United States Duration: Oct 29 2004 → Oct 29 2004

Other

Other	VizSEC/DMSEC '04: Proceedings of the 2004 ACM Workshop on Visualization and Data Mining for Computer Security
Country	United States
City	Washington, DC
Period	10/29/04 → 10/29/04

Keywords

Information visualization
Network security
User interfaces

ASJC Scopus subject areas

Engineering(all)

Fingerprint Dive into the research topics of 'PortVis: A tool for port-based detection of security events'. Together they form a unique fingerprint.

Cite this

McPherson, J, Ma, K-L, Krystosk, P, Bartoletti, T & Christensen, M 2004, PortVis: A tool for port-based detection of security events. in VizSEC/DMSEC '04: Proceedings of the 2004 ACM Workshop on Visualization and Data Mining for Computer Security. pp. 73-81, VizSEC/DMSEC '04: Proceedings of the 2004 ACM Workshop on Visualization and Data Mining for Computer Security, Washington, DC, United States, 10/29/04.

@inproceedings{15b1ac4f3c8f45b4b0d8fd1d1b3d76a1,

title = "PortVis: A tool for port-based detection of security events",

abstract = "Most visualizations of security-related network data require large amounts of finely detailed, high-dimensional data. However, in some cases, the data available can only be coarsely detailed because of security concerns or other limitations. How can interesting security events still be discovered in data that lacks important details, such as IP addresses, network security alarms, and labels? In this paper, we discuss a system we have designed that takes very coarsely detailed data-basic, summarized information of the activity on each TCP port during each given hour-and uses visualization to help uncover interesting security events.",

keywords = "Information visualization, Network security, User interfaces",

author = "Jonathan McPherson and Kwan-Liu Ma and Paul Krystosk and Tony Bartoletti and Marvin Christensen",

year = "2004",

month = dec,

day = "1",

language = "English (US)",

isbn = "1581139748",

pages = "73--81",

booktitle = "VizSEC/DMSEC '04",

note = "VizSEC/DMSEC '04: Proceedings of the 2004 ACM Workshop on Visualization and Data Mining for Computer Security ; Conference date: 29-10-2004 Through 29-10-2004",

}

TY - GEN

T1 - PortVis

T2 - VizSEC/DMSEC '04: Proceedings of the 2004 ACM Workshop on Visualization and Data Mining for Computer Security

AU - McPherson, Jonathan

AU - Ma, Kwan-Liu

AU - Krystosk, Paul

AU - Bartoletti, Tony

AU - Christensen, Marvin

PY - 2004/12/1

Y1 - 2004/12/1

N2 - Most visualizations of security-related network data require large amounts of finely detailed, high-dimensional data. However, in some cases, the data available can only be coarsely detailed because of security concerns or other limitations. How can interesting security events still be discovered in data that lacks important details, such as IP addresses, network security alarms, and labels? In this paper, we discuss a system we have designed that takes very coarsely detailed data-basic, summarized information of the activity on each TCP port during each given hour-and uses visualization to help uncover interesting security events.

AB - Most visualizations of security-related network data require large amounts of finely detailed, high-dimensional data. However, in some cases, the data available can only be coarsely detailed because of security concerns or other limitations. How can interesting security events still be discovered in data that lacks important details, such as IP addresses, network security alarms, and labels? In this paper, we discuss a system we have designed that takes very coarsely detailed data-basic, summarized information of the activity on each TCP port during each given hour-and uses visualization to help uncover interesting security events.

KW - Information visualization

KW - Network security

KW - User interfaces

UR - http://www.scopus.com/inward/record.url?scp=20444495766&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=20444495766&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:20444495766

SN - 1581139748

SN - 9781581139747

SP - 73

EP - 81

BT - VizSEC/DMSEC '04

Y2 - 29 October 2004 through 29 October 2004

ER -