- Title
- Identifying and Investigating Intrusive Scanning Patterns by Visualizing Network Telescope Traffic in a 3-D Scatter-plot
- Creator
- van Riel, Jean-Pierre, Irwin, Barry V W
- Date
- 2006
- Type
- text
- Type
- article
- Identifier
- http://hdl.handle.net/10962/428719
- Identifier
- vital:72531
- Identifier
- https://citeseerx.ist.psu.edu/document?repid=rep1type=pdfanddoi=aeb0738f0e53a8c9f407fee7e55c852643f2644c
- Description
- Detecting and investigating intrusive Internet activity is an ever-present challenge for network administrators and security researchers. Network monitoring can generate large, unmanageable amounts of log data, which further complicates distinguishing between illegitimate and legitimate traffic. Considering the above issue, this article has two aims. First, it describes an investigative methodology for network monitoring and traffic review; and second, it discusses results from applying this method. The method entails a combination of network telescope traffic capture and visualisation. Observing traffic from the perspective of a dedicated sensor network reduces the volume of data and alleviates the concern of confusing malicious traffic with legitimate traffic. Complementing this, visual analysis facilitates the rapid review and correlation of events, thereby utilizing human intelligence in the identification of scanning patterns. To demonstrate the proposed method, several months of network telescope traffic is captured and analysed with a tailor-made 3D scatter-plot visualisation. As the results show, the visualisation saliently conveys anomalous patterns, and further analysis reveals that these patterns are indicative of covert network probing activity. By incorporating visual analysis with traditional approaches, such as textual log review and the use of an intrusion detection system, this research contributes improved insight into network scanning incidents.
- Format
- 12 pages, pdf
- Language
- English
- Relation
- Information Security for South Africa, van Riel, J.P. and Irwin, B., 2006, July. Identifying and Investigating Intrusive Scanning Patterns by Visualizing Network Telescope Traffic in a 3-D Scatter-plot. In ISSA (pp. 1-12), Information Security for South Africa volume 2006 number 1 12 2006 2330-9881
- Rights
- Publisher
- Rights
- Use of this resource is governed by the terms and conditions of the IEEE Xplore Terms of Use Statement (https://ieeexplore.ieee.org/Xplorehelp/overview-of-ieee-xplore/terms-of-use)
File | Description | Size | Format
---|---|---|---
SOURCE1 | Identifying and Investigating Intrusive Scanning Patterns by Visualizing Network Telescope Traffic in a 3-D Scatter-plot.pdf | 298 KB | Adobe Acrobat PDF