{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,26]],"date-time":"2026-03-26T19:01:25Z","timestamp":1774551685176,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":35,"publisher":"ACM","license":[{"start":{"date-parts":[[2004,10,29]],"date-time":"2004-10-29T00:00:00Z","timestamp":1099008000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2004,10,29]]},"DOI":"10.1145\/1029208.1029216","type":"proceedings-article","created":{"date-parts":[[2005,1,30]],"date-time":"2005-01-30T17:58:48Z","timestamp":1107107928000},"page":"45-54","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":65,"title":["Passive visual fingerprinting of network attack tools"],"prefix":"10.1145","author":[{"given":"Gregory","family":"Conti","sequence":"first","affiliation":[{"name":"Georgia Institute of Technology"}]},{"given":"Kulsoom","family":"Abdullah","sequence":"additional","affiliation":[{"name":"Georgia Institute of Technology"}]}],"member":"320","published-online":{"date-parts":[[2004,10,29]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"Proceedings of IEEE Information Visualization","author":"Teoh","year":"2002","unstructured":"Teoh , S; Ma, K; Wu , F and Zhao , X . Case Study: Interactive Visualization for Internet Security , Proceedings of IEEE Information Visualization , 2002 . Teoh, S; Ma, K; Wu, F and Zhao, X. Case Study: Interactive Visualization for Internet Security, Proceedings of IEEE Information Visualization, 2002."},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1109\/VISUAL.2003.1250415"},{"key":"e_1_3_2_1_3_1","unstructured":"Teoh S. Graphical Presentation of Stepping-Stone Pairs Found. Initial Results. http:\/\/graphics.cs.ucdavis.edu\/ steoh\/ research\/tcpdump\/tcpdump.html last accessed April 2004.  Teoh S. Graphical Presentation of Stepping-Stone Pairs Found. Initial Results. http:\/\/graphics.cs.ucdavis.edu\/ steoh\/ research\/tcpdump\/tcpdump.html last accessed April 2004."},{"key":"e_1_3_2_1_4_1","unstructured":"Security Incident Fusion Tool National Center for Advanced Secure Systems Research Group. http:\/\/www.ncassr.org\/projects\/sift\/papers\/ last accessed April 2004.  Security Incident Fusion Tool National Center for Advanced Secure Systems Research Group. http:\/\/www.ncassr.org\/projects\/sift\/papers\/ last accessed April 2004."},{"key":"e_1_3_2_1_5_1","unstructured":"Cheswick B and Burch H. The Internet Mapping Project. http:\/\/research.lumeta.com\/ches\/map\/ last accessed April 2004.  Cheswick B and Burch H. The Internet Mapping Project. http:\/\/research.lumeta.com\/ches\/map\/ last accessed April 2004."},{"key":"e_1_3_2_1_6_1","volume-title":"http:\/\/www.cybergeography.org\/atlas\/atlas.html, last accessed","author":"An Atlas","year":"2004","unstructured":"An Atlas of Cyberspaces. http:\/\/www.cybergeography.org\/atlas\/atlas.html, last accessed April 2004 . An Atlas of Cyberspaces. http:\/\/www.cybergeography.org\/atlas\/atlas.html, last accessed April 2004."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"crossref","DOI":"10.1007\/978-1-4757-3458-4","volume-title":"Computer Intrusion Detection and Network Monitoring: A Statistical Viewpoint","author":"Marchette D.","year":"2001","unstructured":"Marchette , D. Computer Intrusion Detection and Network Monitoring: A Statistical Viewpoint , Springer , 2001 . Marchette, D. Computer Intrusion Detection and Network Monitoring: A Statistical Viewpoint, Springer, 2001."},{"key":"e_1_3_2_1_8_1","first-page":"210","volume-title":"Proceedings of the SPIE '2001 Conference on Visual Data Exploration and Analysis VIII, CA","author":"Erbacher R","year":"2001","unstructured":"Erbacher , R and Frincke , D . Visual Behavior Characterization for Intrusion and Misuse Detection . Proceedings of the SPIE '2001 Conference on Visual Data Exploration and Analysis VIII, CA , January 2001 , pp. 210 -- 218 . Erbacher, R and Frincke, D. Visual Behavior Characterization for Intrusion and Misuse Detection. Proceedings of the SPIE '2001 Conference on Visual Data Exploration and Analysis VIII, CA, January 2001, pp. 210--218."},{"key":"e_1_3_2_1_9_1","unstructured":"Code Red Worm Infections. Cooperative Association for Internet Data Analysis (CAIDA) http:\/\/www.caida.org\/tools\/visualization\/walrus\/examples\/codered\/.  Code Red Worm Infections. Cooperative Association for Internet Data Analysis (CAIDA) http:\/\/www.caida.org\/tools\/visualization\/walrus\/examples\/codered\/."},{"key":"e_1_3_2_1_10_1","volume-title":"J. Intrusion Detection and Visualization Using Perl. O'Reilly Open Source Conference 2001","author":"Juslin","year":"2001","unstructured":"Juslin , J. Intrusion Detection and Visualization Using Perl. O'Reilly Open Source Conference 2001 , San Diego, California, U.S.A., 23rd - 29th of July 2001 . Juslin, J. Intrusion Detection and Visualization Using Perl. O'Reilly Open Source Conference 2001, San Diego, California, U.S.A., 23rd - 29th of July 2001."},{"key":"e_1_3_2_1_11_1","unstructured":"Zalewski M. Strange Attractors and TCP\/IP Sequence Number Analysis. http:\/\/razor.bindview.com\/publish\/papers\/tcpseq.html last accessed April 2004.  Zalewski M. Strange Attractors and TCP\/IP Sequence Number Analysis. http:\/\/razor.bindview.com\/publish\/papers\/tcpseq.html last accessed April 2004."},{"key":"e_1_3_2_1_12_1","unstructured":"Zalewski M. Strange Attractors and TCP\/IP Sequence Number Analysis - One Year Later. http:\/\/lcamtuf.coredump.cx\/newtcp\/ last accessed April 2004.  Zalewski M. Strange Attractors and TCP\/IP Sequence Number Analysis - One Year Later. http:\/\/lcamtuf.coredump.cx\/newtcp\/ last accessed April 2004."},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.5555\/795682.797522"},{"key":"e_1_3_2_1_14_1","unstructured":"Goodall J. Information Visualization for Intrusion Detection. The Intrusion Detection Tool Kit (IDtk). http:\/\/userpages.umbc.edu\/ jgood\/idtk.php last accessed April 2004.  Goodall J. Information Visualization for Intrusion Detection. The Intrusion Detection Tool Kit (IDtk). http:\/\/userpages.umbc.edu\/ jgood\/idtk.php last accessed April 2004."},{"key":"e_1_3_2_1_15_1","volume-title":"http:\/\/www.securedecisions.com\/, last accessed","author":"SecureScope","year":"2004","unstructured":"SecureScope . Secure Decisions. http:\/\/www.securedecisions.com\/, last accessed April 2004 . SecureScope. Secure Decisions. http:\/\/www.securedecisions.com\/, last accessed April 2004."},{"key":"e_1_3_2_1_16_1","volume-title":"http:\/\/www.stealthwatch.com\/, last accessed","author":"StealthWatch + Therminator. Lancope Corporation","year":"2004","unstructured":"StealthWatch + Therminator. Lancope Corporation . http:\/\/www.stealthwatch.com\/, last accessed April 2004 . StealthWatch + Therminator. Lancope Corporation. http:\/\/www.stealthwatch.com\/, last accessed April 2004."},{"key":"e_1_3_2_1_17_1","unstructured":"Ethereal: A Network Protocol Analyzer. http:\/\/www.ethereal.com\/ last accessed April 2004.  Ethereal: A Network Protocol Analyzer. http:\/\/www.ethereal.com\/ last accessed April 2004."},{"key":"e_1_3_2_1_18_1","unstructured":"Etherape: A Graphical Network Monitor. http:\/\/etherape.sourceforge.net\/ last accessed April 2004.  Etherape: A Graphical Network Monitor. http:\/\/etherape.sourceforge.net\/ last accessed April 2004."},{"key":"e_1_3_2_1_19_1","volume-title":"last accessed","author":"NetStumbler Homepage","year":"2004","unstructured":"NetStumbler Homepage , &lt;http:\/\/www.netstumbler.com\/&gt; , last accessed April 2004 . NetStumbler Homepage, &lt;http:\/\/www.netstumbler.com\/&gt;, last accessed April 2004."},{"key":"e_1_3_2_1_20_1","volume-title":"http:\/\/www.hlembke.de\/prod\/3dtraceroute\/, last accessed","author":"Traceroute Homepage","year":"2004","unstructured":"3D Traceroute Homepage , http:\/\/www.hlembke.de\/prod\/3dtraceroute\/, last accessed April 2004 . 3D Traceroute Homepage, http:\/\/www.hlembke.de\/prod\/3dtraceroute\/, last accessed April 2004."},{"key":"e_1_3_2_1_21_1","volume-title":"http:\/\/www.dtek.chalmers.se\/ d3august\/xt\/, last accessed","author":"The Xtraceroute Homepage","year":"2004","unstructured":"The Xtraceroute Homepage . http:\/\/www.dtek.chalmers.se\/ d3august\/xt\/, last accessed April 2004 . The Xtraceroute Homepage. http:\/\/www.dtek.chalmers.se\/ d3august\/xt\/, last accessed April 2004."},{"key":"e_1_3_2_1_22_1","volume-title":"last accessed","author":"Fydor","year":"2004","unstructured":"Fydor , \"Top 75 Network Security Tools,\" http:\/\/www.insecure.org\/tools.html , last accessed March 2004 . Fydor, \"Top 75 Network Security Tools,\" http:\/\/www.insecure.org\/tools.html, last accessed March 2004."},{"key":"e_1_3_2_1_23_1","volume-title":"http:\/\/www.tcpdump.org\/, last accessed","author":"Public Repository","year":"2004","unstructured":"TCPDUMP Public Repository , http:\/\/www.tcpdump.org\/, last accessed March 2004 . TCPDUMP Public Repository, http:\/\/www.tcpdump.org\/, last accessed March 2004."},{"key":"e_1_3_2_1_24_1","volume-title":"http:\/\/www.snort.org\/, last accessed","author":"Snort Project Page","year":"2004","unstructured":"Snort Project Page . http:\/\/www.snort.org\/, last accessed March 2004 . Snort Project Page. http:\/\/www.snort.org\/, last accessed March 2004."},{"key":"e_1_3_2_1_25_1","volume-title":"http:\/\/project.honeynet.org\/, last acccessed","author":"The Honeynet Project","year":"2004","unstructured":"The Honeynet Project . http:\/\/project.honeynet.org\/, last acccessed April 2004 . The Honeynet Project. http:\/\/project.honeynet.org\/, last acccessed April 2004."},{"key":"e_1_3_2_1_26_1","volume-title":"Inc.","author":"Ptacek T","year":"1998","unstructured":"Ptacek , T and Newsham , T . Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection. Secure Networks , Inc. January , 1998 . http:\/\/www.insecure.org\/stf\/secnet_ids\/secnet_ids.html, last accessed April 2004. Ptacek, T and Newsham, T. Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection. Secure Networks, Inc. January, 1998. http:\/\/www.insecure.org\/stf\/secnet_ids\/secnet_ids.html, last accessed April 2004."},{"key":"e_1_3_2_1_27_1","volume-title":"The Visual Display of Quantitative Information","author":"Tufte E.","year":"2001","unstructured":"Tufte , E. The Visual Display of Quantitative Information . Second Edition. Graphics Press , May 2001 . Tufte, E. The Visual Display of Quantitative Information. Second Edition. Graphics Press, May 2001."},{"key":"e_1_3_2_1_28_1","volume-title":"Visual Explanations: Images and Quantities, Evidence and Narrative","author":"Tufte E.","year":"1997","unstructured":"Tufte , E. Visual Explanations: Images and Quantities, Evidence and Narrative . Graphics Press , February 1997 . Tufte, E. Visual Explanations: Images and Quantities, Evidence and Narrative. Graphics Press, February 1997."},{"key":"e_1_3_2_1_29_1","volume-title":"Envisioning Information","author":"Tufte E.","year":"1990","unstructured":"Tufte , E. Envisioning Information . Graphics Press , May 1990 . Tufte, E. Envisioning Information. Graphics Press, May 1990."},{"key":"e_1_3_2_1_30_1","volume-title":"Information Visualization","author":"Spence R.","year":"2000","unstructured":"Spence , R. Information Visualization . Pearson Addison Wesley , December 2000 . Spence, R. Information Visualization. Pearson Addison Wesley, December 2000."},{"key":"e_1_3_2_1_31_1","first-page":"100","volume-title":"A. Multidimensional Detective. IEEE Proceedings of Information Visualization '97","author":"Inselberg","unstructured":"Inselberg , A. Multidimensional Detective. IEEE Proceedings of Information Visualization '97 , pp. 100 -- 107 . Inselberg, A. Multidimensional Detective. IEEE Proceedings of Information Visualization '97, pp. 100--107."},{"key":"e_1_3_2_1_32_1","first-page":"100","volume":"1","author":"Inselberg A.","unstructured":"Inselberg , A. The Plane with Parallel Coordinates , The Visual Computer , 1 , pp. 100 -- 107 . Inselberg, A. The Plane with Parallel Coordinates, The Visual Computer, 1, pp. 100--107.","journal-title":"The Visual Computer"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1080\/01621459.1990.10474926"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"crossref","DOI":"10.1007\/978-1-4757-3458-4","volume-title":"Computer Intrusion Detection and Network Monitoring: A Statistical Viewpoint","author":"Marchette D.","year":"2001","unstructured":"Marchette , D. Computer Intrusion Detection and Network Monitoring: A Statistical Viewpoint . Springer Verlag , July 2001 . Marchette, D. Computer Intrusion Detection and Network Monitoring: A Statistical Viewpoint. Springer Verlag, July 2001."},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1109\/32.177365"}],"event":{"name":"CCS04: 11th ACM Conference on Computer and Communications Security 2004","location":"Washington DC USA","acronym":"CCS04","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control","ACM Association for Computing Machinery"]},"container-title":["Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1029208.1029216","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1029208.1029216","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T16:31:07Z","timestamp":1750264267000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1029208.1029216"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2004,10,29]]},"references-count":35,"alternative-id":["10.1145\/1029208.1029216","10.1145\/1029208"],"URL":"https:\/\/doi.org\/10.1145\/1029208.1029216","relation":{},"subject":[],"published":{"date-parts":[[2004,10,29]]},"assertion":[{"value":"2004-10-29","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}