
    Survey of Intrusion Detection Research

    The literature holds a great deal of research in the intrusion detection area. Much of this describes the design and implementation of specific intrusion detection systems. While the main focus has been the study of different detection algorithms and methods, there are a number of other issues that are of equal importance to make these systems function well in practice. I believe that the reason that the commercial market does not use many of the ideas described is that there are still too many unresolved issues. This survey focuses on presenting the different issues that must be addressed to build fully functional and practically usable intrusion detection systems (IDSs). It points out the state of the art in each area and suggests important open research issues.

    Design and development of protocol log analyzer for cellular modem

    Abstract. Telecommunications protocols and cellular modems are used in devices to facilitate wireless communication. Cellular modems produce log files, which have to be analyzed by engineers when issues occur. Performing the analysis for large logs manually can be very time consuming, thus different approaches for trying to automate or simplify the process exist. This thesis presents the design and development of a cellular modem log analysis tool. The tool is designed to take into account peculiarities of telecommunications protocols and cellular modems, especially of the 5G New Radio Radio Resource Control protocol. A notation for defining the analysis rules used by the tool is presented to be used alongside the tool. The developed tool is a proof-of-concept, with the focus being on how the tool performs the analysis and how the notation can be used to define the wanted analysis rules. The features of the notation include defining the expected content of protocol messages and the order of log message sequences. The tool performs well with artificial modem logs, though some flaws in the notation are recognized. In the future, the tool and the notation should be updated with support for real cellular modem logs and evaluated in field use cases by cellular modem engineers.

    Design and implementation of a log file analysis tool for cellular modems. Abstract (translated from Finnish). Telecommunications protocols and cellular modems are used in devices to enable wireless data transfer. Cellular modems produce log files that engineers have to analyze in problem situations. Analyzing large log files manually is laborious, so there are methods for automating or simplifying the process. This work presents the design and implementation of a log file analysis tool for a cellular modem. The design of the tool takes into account the peculiarities of telecommunications protocols, especially the 5G New Radio radio resource control protocol (RRC), and of cellular modems. A notation with which the analysis rules can be defined is presented for the tool. The developed tool is a rough prototype. The development focuses on the tool's analysis capabilities and on the possibilities of using the notation to define the desired analysis rules. The features of the notation include defining the expected content and order of log messages. The tool performs well with artificial modem log files, but some flaws in the notation were found. With future development in mind, the tool should be updated to work with log files from real cellular modems, so that its ability to handle real use cases can be evaluated.

    Platform independent tool for local event correlation

    Event correlation plays a crucial role in network management systems, helping to reduce the amount of event messages and making their meaning clearer to a human operator. In early network management systems, events were correlated only at network management servers. Most modern network management systems also provide means for local event correlation at agents, in order to increase the scalability of the system and to reduce network load. Unfortunately, all event correlation tools currently available are commercial, quite expensive, and highly platform dependent. The author presents a free, platform independent tool called sec for correlating network management events locally at an agent's side.

    Contextual awareness, messaging and communication in nomadic audio environments

    Thesis (M.S.) -- Massachusetts Institute of Technology, Program in Media Arts & Sciences, 1998. Includes bibliographical references (p. 119-122). Nitin Sawhney. M.S.

    CPA WebTrust practitioners' guide


    Design and Analysis of a Dynamically Configured Log-based Distributed Security Event Detection Methodology

    Military and defense organizations rely upon the security of data stored in, and communicated through, their cyber infrastructure to fulfill their mission objectives. It is essential to identify threats to the cyber infrastructure in a timely manner, so that mission risks can be recognized and mitigated. Centralized event logging and correlation is a proven method for identifying threats to cyber resources. However, centralized event logging is inflexible and does not scale well, because it consumes excessive network bandwidth and imposes significant storage and processing requirements on the central event log server. In this paper, we present a flexible, distributed event correlation system designed to overcome these limitations by distributing the event correlation workload across the network of event-producing systems. To demonstrate the utility of the methodology, we model and simulate centralized, decentralized, and hybrid log analysis environments over three accountability levels and compare their performance in terms of detection capability, network bandwidth utilization, database query efficiency, and configurability. The results show that when compared to centralized event correlation, dynamically configured distributed event correlation provides increased flexibility, a significant reduction in network traffic in low and medium accountability environments, and a decrease in database query execution time in the high-accountability case.