
Existence Plots: A Low-Resolution Time Series for Port Behavior Analysis

  • Conference paper
Visualization for Computer Security (VizSec 2008)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 5210)

Abstract

An existence plot is a low-resolution visualization that concurrently represents the activity of all 2^16 ports on a single host. By doing so, we are able to show patterns of port usage which can indicate server activity and demonstrate scanning. In this work we introduce the existence plot as a visualization and discuss its use in gaining insight into a host’s behavior.

Editor information

John R. Goodall, Gregory Conti, Kwan-Liu Ma

Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Janies, J. (2008). Existence Plots: A Low-Resolution Time Series for Port Behavior Analysis. In: Goodall, J.R., Conti, G., Ma, KL. (eds) Visualization for Computer Security. VizSec 2008. Lecture Notes in Computer Science, vol 5210. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-85933-8_16

  • DOI: https://doi.org/10.1007/978-3-540-85933-8_16

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-85931-4

  • Online ISBN: 978-3-540-85933-8

  • eBook Packages: Computer Science (R0)
