ATLANTIDES: An Architecture for Alert Verification in Network Intrusion Detection Systems
We present an architecture designed for alert verification (i.e., to reduce false positives) in network intrusion-detection systems. Our technique is based on a systematic (and automatic) anomaly-based analysis of the system output, which provides useful context information regarding the network services. The false positives raised by the NIDS analyzing the incoming traffic (which can be either signature- or anomaly-based) are reduced by correlating them with the output anomalies. We designed our architecture for TCP-based network services which have a client/server architecture (such as HTTP). Benchmarks show a substantial reduction of false positives, between 50% and 100%.
ATLANTIDES: Automatic Configuration for Alert Verification in Network Intrusion Detection Systems
We present an architecture designed for alert verification (i.e., to reduce false positives) in network intrusion-detection systems. Our technique is based on a systematic (and automatic) anomaly-based analysis of the system output, which provides useful context information regarding the network services. The false positives raised by the NIDS analyzing the incoming traffic (which can be either signature- or anomaly-based) are reduced by correlating them with the output anomalies. We designed our architecture for TCP-based network services which have a client/server architecture (such as HTTP). Benchmarks show a substantial reduction of false positives, between 50% and 100%.
D-STREAMON: from middlebox to distributed NFV framework for network monitoring
Many reasons make NFV an attractive paradigm for IT security: lower costs, agile operations and better isolation, as well as fast security updates, improved incident response and a higher level of automation. On the other hand, network threats tend to be increasingly complex and distributed, implying huge traffic volumes to be monitored and increasingly strict mitigation-delay requirements. Considering the current trend of networking and the requirements for counteracting the evolution of cyber-threats, it is expected that network monitoring will also move towards NFV-based solutions. In this paper, we present D-StreaMon, an NFV-capable distributed framework for network monitoring developed to face the challenges described above. It relies on the StreaMon platform, a solution for network monitoring originally designed for traditional middleboxes. An evolution path which migrates StreaMon from middleboxes to Virtual Network Functions (VNFs) has been realized.
Comment: Short paper at IEEE LANMAN 2017. arXiv admin note: text overlap with arXiv:1608.0137
Intelligent monitoring and fault diagnosis for ATLAS TDAQ: a complex event processing solution
Effective monitoring and analysis tools are fundamental in modern IT infrastructures to get insights on the overall system behavior and to deal promptly and effectively with failures. In recent years, Complex Event Processing (CEP) technologies have emerged as effective solutions for information processing in the most disparate fields, from wireless sensor networks to financial analysis. This thesis proposes an innovative approach to monitor and operate complex and distributed computing systems, in particular the ATLAS Trigger and Data Acquisition (TDAQ) system currently in use at the European Organization for Nuclear Research (CERN). The result of this research, the AAL project, is currently used to provide ATLAS data acquisition operators with automated error detection and intelligent system analysis.

The thesis begins by describing the TDAQ system and its controlling architecture, with a focus on the monitoring infrastructure and the expert system used for error detection and automated recovery. It then discusses the limitations of the current approach and how it can be improved to maximize the ATLAS TDAQ operational efficiency.

Event processing methodologies are then laid out, with a focus on CEP techniques for stream processing and pattern recognition. The open-source Esper engine, the CEP solution adopted by the project, is subsequently analyzed and discussed.

Next, the AAL project is introduced as the automated and intelligent monitoring solution developed as the result of this research. AAL requirements and governing factors are listed, with a focus on how stream processing functionalities can enhance the TDAQ monitoring experience. The AAL processing model is then introduced and the architectural choices are justified. Finally, real applications to TDAQ error detection are presented.

The main conclusion from this work is that CEP techniques can be successfully applied to detect error conditions and system misbehavior. Moreover, the AAL project demonstrates a real application of CEP concepts for intelligent monitoring in the demanding TDAQ scenario. The adoption of AAL by several TDAQ communities shows that automation and intelligent system analysis were not properly addressed in the previous infrastructure. The results of this thesis will benefit researchers evaluating intelligent monitoring techniques on large-scale distributed computing systems.
Closing the loop of SIEM analysis to Secure Critical Infrastructures
Critical Infrastructure Protection is one of the main challenges of recent years. Security Information and Event Management (SIEM) systems are widely used for coping with this challenge. However, they currently present several limitations that have to be overcome. In this paper we propose an enhanced SIEM system in which we have introduced novel components to i) enable multiple-layer data analysis; ii) resolve conflicts among security policies and discover unauthorized data paths, so that network devices can be reconfigured accordingly. Furthermore, the system is enriched by a Resilient Event Storage that ensures the integrity and unforgeability of stored events.
Comment: EDCC-2014, BIG4CIP-2014, Security Information and Event Management, Decision Support System, Hydroelectric Da
Behavior analysis for aging-in-place using similarity heatmaps
The demand for healthcare services for an increasing population of older adults is faced with a shortage of skilled caregivers and a constant increase in healthcare costs. In addition, the strong preference of the elderly to live independently has been driving much research on "ambient-assisted living" (AAL) systems to support aging-in-place. In this paper, we propose to employ a low-resolution image sensor network for behavior analysis of a home occupant. A network of 10 low-resolution cameras (30x30 pixels) is installed in the service flat of an elderly person, from whose footage the user's mobility tracks are extracted using a maximum likelihood tracker. We propose a novel measure to find similar patterns of behavior between each pair of days from the user's detected positions, based on heatmaps and Earth mover's distance (EMD). Then, we use an exemplar-based approach to identify sleeping, eating, and sitting activities, and walking patterns of the elderly user for two weeks of real-life recordings. The proposed system achieves an overall accuracy of about 94%.