research-article

Visualizing graph features for fast port scan detection

Authors:

Maggie Cheng,

Quanmin Ye,

Robert F. ErbacherAuthors Info & Claims

CSIIRW '13: Proceedings of the Eighth Annual Cyber Security and Information Intelligence Research Workshop

Article No.: 30, Pages 1 - 4

https://doi.org/10.1145/2459976.2460010

Published: 08 January 2013 Publication History

Get Access

Abstract

Detection of sophisticated network scans, such as low and slow scans, requires correlation of large amounts of network data over long periods of time. The volume of data obfuscating such scans can be overwhelming and makes computation challenging. Such scans pose network security risks since identifying running services, the goal of executing such scans, is the first step in launching an attack on the scanned host. To detect sophisticated scans we propose the integration of graph feature extraction techniques with visualization to simultaneously optimize computational complexity and human analyst time. The integrated approach uses graph modeling and preprocessing to make visual displays easy to comprehend, and uses human intervention to avoid solving NP-hard computational problems while still providing real-time visualization.

References

[1]

R. F. Erbacher and K. A. Forcht, "Combining visualization and interaction for scalable detection of anomalies in network data," The Journal of Computer Information Systems, Vol. 50, No. 4, pp. 117--126, 2010.

Google Scholar

[2]

J. P. Anderson, "Computer Security Threat Monitoring and Surveillance," James P. Anderson Co., Fort Washington, PA (Apr. 1980).

Google Scholar

[3]

D. E. Denning, "An Intrusion-Detection Model," IEEE Trans. on Software Eng., Vol. 13, No. 2, Feb. 1987, pp. 222--232; also in Proc. of the 1986 Symp. on Security and Privacy, IEEE Computer Society, April 1986, pp. 118--131.

Digital Library

Google Scholar

[4]

B. Shah and B. H. Trivedi, "Artificial Neural Network based Intrusion Detection System: A Survey," International Journal of Computer Applications, Vol. 39, No. 6, pp. 13--18, 2012.

Crossref

Google Scholar

[5]

S. Axelsson, "The base-rate fallacy and the difficulty of intrusion detection," ACM Trans. Inf. Syst. Secur., Vol. 3, No. 3, pp. 186--205, August 2010.

Digital Library

Google Scholar

[6]

Zhang Jiawan, Li Liang, Lu Liangfu and Zhou Ning, "A Novel Visualization Approach for Efficient Network Scans Detection", International Conference on Security Technology (SECTECH), 2008.

Digital Library

Google Scholar

[7]

Muelder, C., Kwan-Liu Ma and Bartoletti, T., "A Visualization Methodology for Characterization of Network Scans", IEEE Workshop on Visualization for Computer Security (VizSEC), 2005.

Digital Library

Google Scholar

Cited By

View all

Moein MSoliman A(2022)Predicting the Compressive Strength of Alkali-Activated Concrete Using Various Data Mining MethodsProceedings of the Canadian Society of Civil Engineering Annual Conference 202110.1007/978-981-19-1004-3_26(317-326)Online publication date: 24-May-2022
https://doi.org/10.1007/978-981-19-1004-3_26

Index Terms

Visualizing graph features for fast port scan detection

Recommendations

Inter-domain stealthy port scan detection through complex event processing
EWDC '11: Proceedings of the 13th European Workshop on Dependable Computing

Large enterprises are nowadays complex interconnected software systems spanning over several domains. This new dimension makes difficult for enterprises the task of enabling efficient security defenses. This paper addresses the problem of detecting ...
Interactive visualization for network and port scan detection
RAID'05: Proceedings of the 8th international conference on Recent Advances in Intrusion Detection

Many times, network intrusion attempts begin with either a network scan, where a connection is attempted to every possible destination in a network, or a port scan, where a connection is attempted to each port on a given destination. Being able to ...
A Profile-Based Fast Port Scan Detection Method
Computational Collective Intelligence
Abstract
Before intruding into a system attackers need to collect information about the target machine. Port scanning is one of the most popular techniques for that purpose, it enables to discover services that may be exploited. In this paper we propose an ...

Comments

Information & Contributors

Information

Published In

CSIIRW '13: Proceedings of the Eighth Annual Cyber Security and Information Intelligence Research Workshop

January 2013

282 pages

ISBN:9781450316873

DOI:10.1145/2459976

Editors:
Frederick Sheldon
Oak Ridge National Laboratory
,
Annarita Giani
Los Alamos National Laboratory
,
Axel Krings
University of Idaho
,
Robert Abercrombie
Oak Ridge National Laboratory

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 08 January 2013

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Research-article

Conference

CSIIRW '13

Sponsor:

Los Alamos National Labs
Sandia National Labs
DOE
Lawrence Livermore National Lab.
BERKELEYLAB
Argonne Natl Lab
Idaho National Lab.
Nevada National Security Site

CSIIRW '13: Cyber Security and Information Intelligence

January 8 - 10, 2013

Tennessee, Oak Ridge, USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

1
Total Citations
View Citations
204
Total Downloads

Downloads (Last 12 months)6
Downloads (Last 6 weeks)1

Reflects downloads up to 07 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Moein MSoliman A(2022)Predicting the Compressive Strength of Alkali-Activated Concrete Using Various Data Mining MethodsProceedings of the Canadian Society of Civil Engineering Annual Conference 202110.1007/978-981-19-1004-3_26(317-326)Online publication date: 24-May-2022
https://doi.org/10.1007/978-981-19-1004-3_26

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Abstract

References

Cited By

Index Terms

Recommendations

Inter-domain stealthy port scan detection through complex event processing

Interactive visualization for network and port scan detection

A Profile-Based Fast Port Scan Detection Method

Comments

Information

Published In

Sponsors

Publisher

Publication History

Permissions

Check for updates

Qualifiers

Conference

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

Share

Share this Publication link

Share on social media

Affiliations