Intelligent Security Console Architecture
Final rept. Mar 2000-Mar 2005
MEMPHIS UNIV TN
Pagination or Media Count:
This report addresses the design of an Intelligent Security Console equipped with Intrusion Detection Message Exchange Format IDMEF Objects data mining for the DARPA UltraLog Program. It supports the scalable Monitoring and Response security console architecture. The Data Mining capability requires scalability of message management, that has been ensured through incorporation of an XML Database eXist. Security console is used to query for IDMEF alerts generated across the society by various sensors including COTS. The results are shown as a tree with the structure corresponding to the security communities hierarchy in getting the society status through queries and alert messages. The latest version 4.1 of the security console is designed to mine frequent patterns in Intrusion attacks with an XML repository for collecting and organizing alerts and event messages. This ensures scalability and organized storage of voluminous information over a period of time.
- Computer Programming and Software
- Computer Systems Management and Standards