Existence Plots: A Low-Resolution Time Series for Port Behavior Analysis
• White Paper
Software Engineering Institute
This white paper was presented at VizSec '08, the Symposium on Visualization for Cyber Security, which took place in Cambridge, Massachusetts, in September 2008.
An existence plot is a low-resolution visualization that concurrently represents the activity of all 216 ports on a single host. By doing so, we are able to show patterns of port usage which can indicate server activity and demonstrate scanning. In this work, we introduce the existence plot as a visualization and discuss its use in gaining insight into a host's behavior.