
Title: Intelligent Classification and Visualization of Network Scans

Abstract

Network scans are a common first step in a network intrusion attempt. In order to gain information about a potential network intrusion, it is beneficial to analyze these network scans. Statistical methods such as wavelet scalogram analysis have been used along with visualization techniques in previous methods. However, applying these statistical methods to reduce the data causes a substantial amount of data loss. This paper presents a study of using associative memory learning techniques to directly compare network scans in order to create a classification which can be used by itself or in conjunction with existing visualization techniques to better characterize the sources of these scans. This produces an integrated system of visual and intelligent analysis which is applicable to real world data.

Authors:
Chen, L; Muelder, C; Ma, K; Bartoletti, A
Publication Date:
2007-03-01
Research Org.:
Lawrence Livermore National Lab. (LLNL), Livermore, CA (United States)
Sponsoring Org.:
USDOE
OSTI Identifier:
914602
Report Number(s):
UCRL-CONF-228878
TRN: US200812%%182
DOE Contract Number:
W-7405-ENG-48
Resource Type:
Conference
Resource Relation:
Conference: Presented at: ACM SIGKDD 2007, San Jose, CA, United States, Aug 12 - Aug 15, 2007
Country of Publication:
United States
Language:
English
Subject:
99 GENERAL AND MISCELLANEOUS//MATHEMATICS, COMPUTING, AND INFORMATION SCIENCE; CLASSIFICATION; LEARNING; NETWORK ANALYSIS; COMPUTER NETWORKS

Citation Formats

Chen, L, Muelder, C, Ma, K, and Bartoletti, A. Intelligent Classification and Visualization of Network Scans. United States: N. p., 2007. Web.
Chen, L, Muelder, C, Ma, K, & Bartoletti, A. Intelligent Classification and Visualization of Network Scans. United States.
Chen, L, Muelder, C, Ma, K, and Bartoletti, A. 2007. "Intelligent Classification and Visualization of Network Scans". United States. https://www.osti.gov/servlets/purl/914602.
@article{osti_914602,
title = {Intelligent Classification and Visualization of Network Scans},
author = {Chen, L and Muelder, C and Ma, K and Bartoletti, A},
abstractNote = {Network scans are a common first step in a network intrusion attempt. In order to gain information about a potential network intrusion, it is beneficial to analyze these network scans. Statistical methods such as wavelet scalogram analysis have been used along with visualization techniques in previous methods. However, applying these statistical methods to reduce the data causes a substantial amount of data loss. This paper presents a study of using associative memory learning techniques to directly compare network scans in order to create a classification which can be used by itself or in conjunction with existing visualization techniques to better characterize the sources of these scans. This produces an integrated system of visual and intelligent analysis which is applicable to real world data.},
place = {United States},
year = {2007},
month = mar
}

  • Many methods have been developed for monitoring network traffic, both using visualization and statistics. Most of these methods focus on the detection of suspicious or malicious activities. But what they often fail to do is refine and exercise measures that contribute to the characterization of such activities and their sources, once they are detected. In particular, many tools exist that detect network scans or visualize them at a high level, but not very many tools exist that are capable of categorizing and analyzing network scans. This paper presents a means of facilitating the process of characterization by using visualization and statistics techniques to analyze the patterns found in the timing of network scans through a method of continuous improvement in measures that serve to separate the components of interest in the characterization so the user can control separately for the effects of attack tool employed, performance characteristics of the attack platform, and the effects of network routing in the arrival patterns of hostile probes. The end result is a system that allows large numbers of network scans to be rapidly compared and subsequently identified.
  • Visualization tools can take advantage of multiple coordinated views to support analysis of large, multidimensional data sets. Effective design of such views and layouts can be challenging, but understanding users' analysis strategies can inform design improvements. We outline an approach for intelligent design configuration of visualization tools with multiple coordinated views, and we discuss a proposed software framework to support the approach. The proposed software framework could capture and learn from user interaction data to automate new compositions of views and widgets. Such a framework could reduce the time needed for meta analysis of the visualization use and lead to more effective visualization design.
  • Geographic data sets are often very large in size. Interactive visualization of such data at all scales is not easy because of the limited resolution of the monitors and inability of visualization applications to handle the volume of data. This is especially true for large vector datasets. The end user's experience is frequently unsatisfactory when exploring such data over the web using a naive application. Network bandwidth is another contributing factor to the low performance. In this paper, a Quadtree based technique to visualize extremely large spatial network datasets over the web is described. It involves using custom developed algorithms leveraging a PostGIS database as the data source and Google Earth as the visualization client. This methodology supports both point and range queries along with non-spatial queries. This methodology is demonstrated using a network dataset consisting of several million links. The methodology is based on using some of the powerful features of KML (Keyhole Markup Language). Keyhole Markup Language (KML) is an Open Geospatial Consortium (OGC) standard for displaying geospatial data on Earth browsers. One of the features of KML is the notion of Network Links. Using network links, a wide range of geospatial data sources such as geodatabases, static files and geospatial data services can be simultaneously accessed and visualized seamlessly. Using the network links combined with Level of Detail principle, view based rendering and intelligent server and client-side caching, scalability in visualizing extremely large spatial datasets can be achieved.
  • A new intelligent measuring device for underground low-voltage electrical network, no neutral-earth, is designed. It uses the 50 Hz AC directly as the auxiliary power supply, not the directive-current auxiliary source as before. With the known resistance as sample signal resistance and based on the micro-controller 8031, the device is developed. The insulance and distributive capacitance of underground electrical network of a coal mine can be measured and calculated accurately, and displayed quickly with LED. The insulance is the alternating current insulating resistance as the past. It conforms reality for electrical network in alternating current state. The measured distributive capacitance of electrical network is convenient to be compensated with inductance to improve human body safety in coal mines. This compensation is difficult to realize in the past. When the variation of measured values of insulance is recorded and analyzed, the service life of the network cables may be predicted. As to increase the reliability of the device, some steps of protection and anti-interference are adopted.
  • An intelligent control system based on fuzzy logic able to compensate for variations and errors during automatic resistance spot welding (RSW) and produce consistent sound welds was developed. A fuzzy logic control (FLC) scheme was employed to overcome the lack of a precise mathematical model of the process. Electrode displacement, indicative of weld nugget growth, was used as the feedback signal to create appropriate actions to adjust power delivered to welds in real time. Control action is generated from a rule-based system constructed from experimental data for welds made under a wide variety of conditions. A neural network (NN) was constructed to provide process input-output relationships and tune the fuzzy rules off line. The FLC system was evaluated using the NN to describe electrode displacement as a function of percentage maximum heat input and welding time. Results showed the suitability of applying this control scheme to deal with the uncertainties of RSW in a typical automated production environment.