- Full text PDF available (3)
Scanning activity is a common activity on the Internet today, representing malicious activity such as information gathering by a motivated adversary or automated tools searching for vulnerable hosts (e.g., worms). Many scan detection techniques have been developed; however, their focus has been on smaller networks where packet-level information is… (More)
TCP/IP ports which are not in regular use (quiescent ports) can show surges in activity for several reasons. Two examples include the discovery of a vulnerability in an unused (but still present) network service or a new backdoor which runs on an unassigned or obsolete port. Identifying this anomalous activity can be a challenge, however, due to the… (More)
The R statistical language provides an analysis environment which is flexible, extensible and analytically powerful. This paper details its potential as an analysis and visualization interface to SiLK flow analysis tools as part of a network situational awareness capability.