

PortVis: a tool for port-based detection of security events

Most visualizations of security-related network data require large amounts of finely detailed, high-dimensional data. However, in some cases, the data available can only be coarsely detailed because of security concerns or other limitations. How can interesting security events still be discovered in data that lacks important details, such as IP addresses, network security alarms, and labels? In this paper, we discuss a system we have designed that takes very coarsely detailed data—basic, summarized information of the activity on each TCP port during each given hour—and uses visualization to help uncover interesting security events.

Categories and Subject Descriptors: C.2.0 [Computer-Communication Networks]: General—Security and Protection; H.3.1 [Information Storage and Retrieval]: Content Analysis and Indexing—Abstracting methods; H.5.2 [Information Interfaces and Presentation]: User Interfaces; I.3.8 [Computer Graphics]: Applications

General Terms: Algorithms, design, security, huma...
Added 02 Jul 2010
Updated 02 Jul 2010
Type Conference
Year 2004
Authors Jonathan McPherson, Kwan-Liu Ma, Paul Krystosk, Tony Bartoletti, Marvin Christensen