20 May 2005 Process query systems for network security monitoring
Author Affiliations +
Abstract
In this paper we present the architecture of our network security monitoring infrastructure based on a Process Query System (PQS). PQS offers a new and powerful way of efficiently processing data streams, based on process descriptions that are submitted as queries. In this case the data streams are familiar network sensors, such as Snort, Netfilter, and Tripwire. The process queries describe the dynamics of network attacks and failures, such as worms, multistage attacks, and router failures. Using PQS the task of monitoring enterprise class networks is simplified, offering a priority-based GUI to the security administrator that clearly outlines events that require immediate attention. The PQS-Net system is deployed on an unsecured production network; the system has successfully detected many diverse attacks and failures.
© (2005) COPYRIGHT Society of Photo-Optical Instrumentation Engineers (SPIE). Downloading of the abstract is permitted for personal use only.
Vincent Berk, Vincent Berk, Naomi Fox, Naomi Fox, } "Process query systems for network security monitoring", Proc. SPIE 5778, Sensors, and Command, Control, Communications, and Intelligence (C3I) Technologies for Homeland Security and Homeland Defense IV, (20 May 2005); doi: 10.1117/12.609855; https://doi.org/10.1117/12.609855
PROCEEDINGS
11 PAGES


SHARE
Back to Top