Process query systems for network security monitoring

Cited by: 3
Authors
Berk, V [1]
Fox, N [1]
Affiliation
[1] Dartmouth Coll, Thayer Sch Engn, Hanover, NH 03755 USA
Source
Sensors, and Command, Control, Communications, and Intelligence (C3I) Technologies for Homeland Security and Homeland Defense IV, Pts 1 and 2 | 2005 / Vol. 5778
DOI
10.1117/12.609855
Chinese Library Classification (CLC) number
T [Industrial Technology];
Discipline classification code
08;
Abstract
In this paper we present the architecture of our network security monitoring infrastructure based on a Process Query System (PQS). PQS offers a new and powerful way of efficiently processing data streams, based on process descriptions that are submitted as queries. In this case the data streams are familiar network sensors, such as Snort, Netfilter, and Tripwire. The process queries describe the dynamics of network attacks and failures, such as worms, multistage attacks, and router failures. Using PQS the task of monitoring enterprise class networks is simplified, offering a priority-based GUI to the security administrator that clearly outlines events that require immediate attention. The PQS-Net system is deployed on an unsecured production network; the system has successfully detected many diverse attacks and failures.
Pages: 520 - 530
Page count: 11