A Visualization Methodology for Characterization of Network Scans

V
VIZSEC
2005
2005 IEEE Workshops on Visualization for Computer Security
Abstract - A Visualization Methodology for Characterization of Network Scans

	This Article
	Subscribers, please Login Purchase article: $19 PDF RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Chris Muelder Articles by Kwan-Liu Ma Articles by Tony Bartoletti

2005 IEEE Workshops on Visualization for Computer Security

Minneapolis, Minnesota

October 26-October 26

ISBN: 0-7803-9477-1

	ASCII Text	x
	Chris Muelder, Kwan-Liu Ma, Tony Bartoletti, "A Visualization Methodology for Characterization of Network Scans," Visualization for Computer Security, IEEE Workshops on, pp. 4, 2005 IEEE Workshops on Visualization for Computer Security, 2005.

	BibTex	x
	@article{ 10.1109/VIZSEC.2005.2, author = {Chris Muelder and Kwan-Liu Ma and Tony Bartoletti}, title = {A Visualization Methodology for Characterization of Network Scans}, journal ={Visualization for Computer Security, IEEE Workshops on}, volume = {0}, year = {2005}, isbn = {0-7803-9477-1}, pages = {4}, doi = {http://doi.ieeecomputersociety.org/10.1109/VIZSEC.2005.2}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Visualization for Computer Security, IEEE Workshops on TI - A Visualization Methodology for Characterization of Network Scans SN - 0-7803-9477-1 SP EP A1 - Chris Muelder, A1 - Kwan-Liu Ma, A1 - Tony Bartoletti, PY - 2005 KW - information visualization KW - security visualization KW - graph visualization KW - clustering KW - wavelets KW - scalograms KW - network scans KW - cyber forensics KW - adversary characterization VL - 0 JA - Visualization for Computer Security, IEEE Workshops on ER -

Chris Muelder, University of California, Davis

Kwan-Liu Ma, University of California, Davis

Tony Bartoletti, Lawrence Livermore National Laboratory

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/VIZSEC.2005.2

Many methods have been developed for monitoring network traffic, both using visualization and statistics. Most of these methods focus on the detection of suspicious or malicious activities. But what they often fail to do refine and exercise measures that contribute to the characterization of such activities and their sources, once they are detected. In particular, many tools exist that detect network scans or visualize them at a high level, but not very many tools exist that are capable of categorizing and analyzing network scans. This paper presents a means of facilitating the process of characterization by using visualization and statistics techniques to analyze the patterns found in the timing of network scans through a method of continuous improvement in measures that serve to separate the components of interest in the characterization so the user can control separately for the effects of attack tool employed, performance characteristics of the attack platform, and the effects of network routing in the arrival patterns of hostile probes. The end result is a system that allows large numbers of network scans to be rapidly compared and subsequently identified.

Index Terms:

information visualization, security visualization, graph visualization, clustering, wavelets, scalograms, network scans, cyber forensics, adversary characterization

Citation:

Chris Muelder, Kwan-Liu Ma, Tony Bartoletti, "A Visualization Methodology for Characterization of Network Scans," vizsec, pp.4, 2005 IEEE Workshops on Visualization for Computer Security, 2005

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.