PortVis: A Tool for Port-Based Detection of Security Events
Most visualizations of security-related network data require large amounts of finely detailed, high-dimensional data. However, in some cases, the data available can only be coarsely detailed because of security concerns or other limitations. How can interesting security events still be discovered in data that lacks important details, such as IP addresses, network security alarms, and labels? In this paper, we discuss a system we have designed that takes very coarsely detailed data-basic, summarized information of the activity on each TCP port during each given hour-and uses visualization to help uncover interesting security events.
- Research Organization:
- Lawrence Livermore National Laboratory (LLNL), Livermore, CA
- Sponsoring Organization:
- USDOE
- DOE Contract Number:
- W-7405-ENG-48
- OSTI ID:
- 15014437
- Report Number(s):
- UCRL-CONF-205756
- Country of Publication:
- United States
- Language:
- English
Similar Records
Bridging the Host-Network Divide: Survey, Taxonomy, and Solution
Abnormally Malicious Autonomous Systems and their Internet Connectivity
E. Kazakh-AEDS t*. General linear model magnitude studies. Dynamic (amplitude) criteria for automatic association. Synthetic data for evaluation of automatic association. Final technical report
Conference
·
Tue Apr 17 04:00:00 UTC 2007
·
OSTI ID:983451
Abnormally Malicious Autonomous Systems and their Internet Connectivity
Journal Article
·
Sat Jan 01 04:00:00 UTC 2011
· IEEE/ACM Transactions on Networking
·
OSTI ID:1022635
E. Kazakh-AEDS t*. General linear model magnitude studies. Dynamic (amplitude) criteria for automatic association. Synthetic data for evaluation of automatic association. Final technical report
Technical Report
·
Sat Apr 30 04:00:00 UTC 1983
·
OSTI ID:6734258