Detecting Distributed Scans Using High-Performance Query-Driven Visualization
Kurt Stockinger
E. Wes Bethel
Scott Campbell
Eli Dart
Kesheng Wu
Computational Res. Div., Univ. of California, Berkeley, CA
This paper appears in: SC 2006 Conference, Proceedings of the ACM/IEEE
Publication Date: Nov. 2006
On page(s): 39-39
Location: Tampa, FL,
ISBN: 0-7695-2700-0
INSPEC Accession Number: 9353245
Digital Object Identifier: 10.1109/SC.2006.25
Current Version Published: 2007-02-12
Abstract
Modern forensic analytics applications, like network traffic analysis, perform high-performance hypothesis testing, knowledge discovery and data mining on very large datasets. One essential strategy for reducing the time required for these operations is to select only the most relevant data records for a given computation. In this paper, we present a set of parallel algorithms that demonstrate how an efficient selection mechanism, bitmap indexing, significantly speeds up a common analysis task, namely computing conditional histograms on very large datasets. We present a thorough study of the performance characteristics of the parallel conditional histogram algorithms. As a case study, we compute conditional histograms to detect distributed scans hidden in a dataset of approximately 2.5 billion network connection records. We show that these conditional histograms can be computed on an interactive time scale (i.e., in seconds). We also show how to progressively modify the selection criteria to narrow the analysis and find the sources of the distributed scans.
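The abstract states the mechanism only at a high level. The Python below is an added illustration written for this page; it is not the authors' code, not the indexing software they used, and not their data. It uses a small constructed set of connection records with assumed field names (src, dst, dport, state) and shows the three ideas the abstract combines: an equality-encoded bitmap index (one bitmap per distinct column value, held here as a Python integer), a conditional histogram computed by ANDing each value bitmap with a selection mask and counting set bits, and the progressive narrowing of the selection from "rejected connections" to "the port they targeted" to "the sources that hit it and how many distinct hosts they covered".

```python
from collections import defaultdict

# Constructed sample of connection records (not data from the paper).
# Each record is (src, dst, dport, state); "SF" = completed, "REJ" = rejected.
RECORDS = []
# Background traffic: a few clients talking to two web servers.
for i in range(20):
    RECORDS.append((f"172.16.0.{i % 4 + 10}", f"192.168.1.{i % 2 + 1}",
                    443 if i % 3 else 80, "SF"))
# A distributed scan: five sources, each probing its own slice of
# 192.168.1.0/24 on port 22, every attempt rejected. No single source
# touches many hosts, which is what hides the scan from per-source counts.
for k in range(5):
    for j in range(4):
        RECORDS.append((f"10.0.0.{k + 1}", f"192.168.1.{20 + 4 * k + j}", 22, "REJ"))
# Unrelated rejected connections that should not dominate the histogram.
RECORDS.append(("172.16.0.10", "192.168.1.1", 8080, "REJ"))
RECORDS.append(("172.16.0.11", "192.168.1.2", 8443, "REJ"))

COLUMNS = ("src", "dst", "dport", "state")


def build_bitmap_index(records, columns=COLUMNS):
    """Equality-encoded bitmap index: for every column and every distinct
    value, one bitmap (a Python int) whose bit i is set when record i has
    that value in that column."""
    index = {c: defaultdict(int) for c in columns}
    for i, rec in enumerate(records):
        for col, val in zip(columns, rec):
            index[col][val] |= 1 << i
    return index


def select(index, n_records, **conditions):
    """AND together the bitmaps of the given equality conditions, starting
    from an all-ones mask over n_records. No conditions selects everything."""
    mask = (1 << n_records) - 1
    for col, val in conditions.items():
        mask &= index[col].get(val, 0)
    return mask


def conditional_histogram(index, column, mask):
    """Histogram of `column` restricted to the records in `mask`: popcount of
    each value bitmap ANDed with the mask. The work is proportional to the
    number of distinct values, not to the number of rows, which is what makes
    the selection-then-histogram pattern cheap on a large table."""
    hist = {}
    for val, bitmap in index[column].items():
        n = bin(bitmap & mask).count("1")
        if n:
            hist[val] = n
    return hist


def find_distributed_scan(records):
    """Progressive narrowing: start from rejected connections, pick the most
    targeted port, then ask which sources hit it and how many distinct hosts
    they covered. Many sources, many targets, few hits per target is the
    signature of a distributed scan."""
    n = len(records)
    index = build_bitmap_index(records)
    rejected = select(index, n, state="REJ")
    by_port = conditional_histogram(index, "dport", rejected)
    port = max(by_port, key=by_port.get)
    focus = select(index, n, state="REJ", dport=port)
    sources = conditional_histogram(index, "src", focus)
    targets = conditional_histogram(index, "dst", focus)
    return {
        "port": port,
        "sources": sources,
        "n_targets": len(targets),
        "max_hits_per_target": max(targets.values()),
    }


if __name__ == "__main__":
    result = find_distributed_scan(RECORDS)
    print(f"port {result['port']}: {len(result['sources'])} sources, "
          f"{result['n_targets']} targets, "
          f"at most {result['max_hits_per_target']} hit(s) per target")
    for src, count in sorted(result["sources"].items()):
        print(f"  {src}: {count} rejected attempts")
```

Each narrowing step reuses the already-built index and only ANDs one more bitmap into the mask, so refining a query costs about as much as the first query; that is the property the abstract relies on when it describes modifying the selection criteria progressively at interactive speed. On real connection logs, a bitmap per distinct source address would be compressed rather than held as a raw integer, but the AND-then-popcount logic is unchanged.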