TY - GEN
T1 - Visualizing graph features for fast port scan detection
AU - Cheng, Maggie
AU - Ye, Quanmin
AU - Erbacher, Robert F.
PY - 2013
Y1 - 2013
N2 - Detection of sophisticated network scans, such as low and slow scans, requires correlation of large amounts of network data over long periods of time. The volume of data obfuscating such scans can be overwhelming and makes computation challenging. Such scans pose network security risks since identifying running services, the goal of executing such scans, is the first step in launching an attack on the scanned host. To detect sophisticated scans we propose the integration of graph feature extraction techniques with visualization to simultaneously optimize computational complexity and human analyst time. The integrated approach uses graph modeling and preprocessing to make visual displays easy to comprehend, and uses human intervention to avoid solving NP-hard computational problems while still providing real-time visualization.
AB - Detection of sophisticated network scans, such as low and slow scans, requires correlation of large amounts of network data over long periods of time. The volume of data obfuscating such scans can be overwhelming and makes computation challenging. Such scans pose network security risks since identifying running services, the goal of executing such scans, is the first step in launching an attack on the scanned host. To detect sophisticated scans we propose the integration of graph feature extraction techniques with visualization to simultaneously optimize computational complexity and human analyst time. The integrated approach uses graph modeling and preprocessing to make visual displays easy to comprehend, and uses human intervention to avoid solving NP-hard computational problems while still providing real-time visualization.
UR - http://www.scopus.com/inward/record.url?scp=84876003628&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84876003628&partnerID=8YFLogxK
U2 - 10.1145/2459976.2460010
DO - 10.1145/2459976.2460010
M3 - Conference contribution
AN - SCOPUS:84876003628
SN - 9781450316873
T3 - ACM International Conference Proceeding Series
BT - 8th Annual Cyber Security and Information Intelligence Research Workshop
T2 - 8th Annual Cyber Security and Information Intelligence Research Workshop: Federal Cyber Security R and D Program Thrusts, CSIIRW 2013
Y2 - 8 January 2013 through 10 January 2013
ER -