PortVis: A Tool for Port-Based Detection of Security Events
Most visualizations of security-related network data require large amounts of finely detailed, high-dimensional data. However, in some cases, the data available can only be coarsely detailed because of security concerns or other limitations. How can interesting security events still be discovered in data that lacks important details, such as IP addresses, network security alarms, and labels? In this paper, we discuss a system we have designed that takes very coarsely detailed data (basic, summarized information of the activity on each TCP port during each given hour) and uses visualization to help uncover interesting security events.
- Research Organization: Lawrence Livermore National Lab. (LLNL), Livermore, CA (United States)
- Sponsoring Organization: USDOE
- DOE Contract Number: W-7405-ENG-48
- OSTI ID: 15014437
- Report Number(s): UCRL-CONF-205756; TRN: US200807%%830
- Resource Relation: Conference: Presented at: VizSec/DMSEC 2004, Fairfax, VA, United States, Oct 29 - Oct 29, 2004
- Country of Publication: United States
- Language: English