Abstract
Detection of sophisticated network scans, such as low and slow scans, requires correlation of large amounts of network data over long periods of time. The volume of data obfuscating such scans can be overwhelming and makes computation challenging. Such scans pose network security risks since identifying running services, the goal of executing such scans, is the first step in launching an attack on the scanned host. To detect sophisticated scans, we propose the integration of graph feature extraction techniques with visualization to simultaneously optimize computational complexity and human analyst time. The integrated approach uses graph modeling and preprocessing to make visual displays easy to comprehend and uses human intervention to avoid solving NP-hard computational problems while still providing real-time visualization. Copyright 2012 ACM.
Recommended Citation
M. Cheng et al., "Visualizing Graph Features for Fast Port Scan Detection," ACM International Conference Proceeding Series, article no. 30, Association for Computing Machinery (ACM), Apr 2013.
The definitive version is available at https://doi.org/10.1145/2459976.2460010
Department(s)
Computer Science
International Standard Book Number (ISBN)
978-145031687-3
Document Type
Article - Conference proceedings
Document Version
Citation
File Type
text
Language(s)
English
Rights
© 2024 Association for Computing Machinery, All rights reserved.
Publication Date
15 Apr 2013
