Characterization and visualization of sophisticated scanning attacks

Detection of sophisticated stealthy network scans requires analyzing large amounts of network data collected over long periods of time. The sheer volume of the data prohibits efficient detection from a pure algorithmic approach. However timely detection of such sophisticated scanning attacks is critical since the attacker employing these approaches is usually well-resourced and potentially can bring high impact to the network than a naive attacker can. To detect such sophisticated scans we propose the integration of algorithmic detection and visualization for human detection to simultaneously optimize computational complexity and human analyst time. The proposed approach provides real world detection capabilities without excessive computation overhead. We characterize the features of scanning attacks in a graph theory context, propose efficient graph algorithms to extract these features in real time, employ visualization techniques to show the relevant multidimensional characteristics, and provide test scenarios to show that the proposed work is more efficient and effective than previous approaches.