Visualizing graph features for fast port scan detection

Maggie Cheng, Quanmin Ye, Robert F. Erbacher

Research output: Chapter in Book/Report/Conference proceedingConference contribution

1 Scopus citations

Abstract

Detection of sophisticated network scans, such as low and slow scans, requires correlation of large amounts of network data over long periods of time. The volume of data obfuscating such scans can be overwhelming and makes computation challenging. Such scans pose network security risks since identifying running services, the goal of executing such scans, is the first step in launching an attack on the scanned host. To detect sophisticated scans we propose the integration of graph feature extraction techniques with visualization to simultaneously optimize computational complexity and human analyst time. The integrated approach uses graph modeling and preprocessing to make visual displays easy to comprehend, and uses human intervention to avoid solving NP-hard computational problems while still providing real-time visualization.

Original languageEnglish (US)
Title of host publication8th Annual Cyber Security and Information Intelligence Research Workshop
Subtitle of host publicationFederal Cyber Security R and D Program Thrusts, CSIIRW 2013
DOIs
StatePublished - 2013
Externally publishedYes
Event8th Annual Cyber Security and Information Intelligence Research Workshop: Federal Cyber Security R and D Program Thrusts, CSIIRW 2013 - Oak Ridge, TN, United States
Duration: Jan 8 2013Jan 10 2013

Publication series

NameACM International Conference Proceeding Series

Other

Other8th Annual Cyber Security and Information Intelligence Research Workshop: Federal Cyber Security R and D Program Thrusts, CSIIRW 2013
Country/TerritoryUnited States
CityOak Ridge, TN
Period1/8/131/10/13

All Science Journal Classification (ASJC) codes

  • Software
  • Human-Computer Interaction
  • Computer Vision and Pattern Recognition
  • Computer Networks and Communications

Fingerprint

Dive into the research topics of 'Visualizing graph features for fast port scan detection'. Together they form a unique fingerprint.

Cite this