
Proceedings Paper

Process query systems for network security monitoring
Author(s): Vincent Berk; Naomi Fox

Paper Abstract

In this paper we present the architecture of our network security monitoring infrastructure based on a Process Query System (PQS). PQS offers a new and powerful way of efficiently processing data streams, based on process descriptions that are submitted as queries. In this case the data streams are familiar network sensors, such as Snort, Netfilter, and Tripwire. The process queries describe the dynamics of network attacks and failures, such as worms, multistage attacks, and router failures. Using PQS, the task of monitoring enterprise-class networks is simplified, offering a priority-based GUI to the security administrator that clearly outlines events that require immediate attention. The PQS-Net system is deployed on an unsecured production network; the system has successfully detected many diverse attacks and failures.

Paper Details

Date Published: 20 May 2005
PDF: 11 pages
Proc. SPIE 5778, Sensors, and Command, Control, Communications, and Intelligence (C3I) Technologies for Homeland Security and Homeland Defense IV, (20 May 2005); doi: 10.1117/12.609855
Author Affiliations
Vincent Berk, Dartmouth College (United States)
Naomi Fox, Dartmouth College (United States)


Published in SPIE Proceedings Vol. 5778:
Sensors, and Command, Control, Communications, and Intelligence (C3I) Technologies for Homeland Security and Homeland Defense IV
Edward M. Carapezza, Editor(s)
