Scatter (and other) plots for visualizing user profiling data and network traffic
Source: Conference on Computer and Communications Security
Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
Washington DC, USA
SESSION: VizSEC short papers session
Pages: 119 - 123
Year of Publication: 2004
ISBN: 1-58113-974-8
Author
Tom Goldring, National Security Agency
Sponsors
ACM: Association for Computing Machinery
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
Publisher
ACM, New York, NY, USA
DOI: http://doi.acm.org/10.1145/1029208.1029227
ABSTRACT

The scatterplot continues to be one of the most useful tools for visualizing numeric data; however, what we typically encounter in Computer Security is categorical and/or textual in nature, and how to convert it into a form where scatterplots apply is not always obvious. We outline some simple ideas for doing this and illustrate with two "real data" case studies: User Profiling and Network Traffic. In both cases the results can be quite surprising.

