Download NetSEC: metrology based-application for network security

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
page
28
page
29
Document related concepts

Extensible Storage Engine wikipedia , lookup

Entity–attribute–value model wikipedia , lookup

Concurrency control wikipedia , lookup

Functional Database Model wikipedia , lookup

Database wikipedia , lookup

Microsoft Jet Database Engine wikipedia , lookup

Microsoft SQL Server wikipedia , lookup

SQL wikipedia , lookup

Open Database Connectivity wikipedia , lookup

PL/SQL wikipedia , lookup

Relational model wikipedia , lookup

Clusterpoint wikipedia , lookup

Database model wikipedia , lookup

Transcript 
NetSEC:
metrology-based application
for network security
Jean-François SCARIOT
Bernard MARTINET
Centre
Interuniversitaire
de Calcul de Grenoble
TNC 2002
June 2002
Plan

Metrology



NetSEC




Why, what & how?
Analyze
Goals
Architecture
Available tools
Conclusion
2
why to measure?

To know network usage

To know network availability

To detect dysfunction

To do cost sharing

Also… to improve security
3
What and how to measure?
 Qualitative: knowing its network
 I/O traffic load, CPU load, collision…
 Watch the counters of the equipments
 Quantitative: controlling its network
 Traffic type, I/O traffic load per host or
group...
 extract information from frame analysis
4
Measurement to supervise

Daily supervision (15’ is enough )

Curves or bar graphs

Always the same "look"
“To control and manage a network,
you must visualize its behaviour”
5
Highlighting a problem
A « normal » day
Monday April the 2nd 2001
May be some problems
Monday April the 9th 2001
6
Highlighting a problem
Unfortunately!
Problem discovery is a posteriori
We have to go back
And
analyze the traffic of the involved period.
7
Traffic analyzing

Locate the host(s)

Date, addresses, intrusion method, extend of
the damage…

HOW?

Doing crosschecking

Sorting metrology data on several parameters
 Powerful sorting tools are needed!
8
NetSEC goals

To have an evolving software

To analyze “well-known” data



NetMET
IPtrafic
To support open standards
To improve the security of
networking computers
9
NetSEC foundations

Using a relational database

A simple network description

A modular architecture

Using an open source software
10
Open software

Linux system (Redhat)

MySQL database

Apache Web server

JAVA
11
About database

JDBC database access

Basic SQL queries

One loader per collector
12
DB structure

One table for one day (of data)





src@ & dst@
Date
Port & protocol
Volume
One table for the network description
13
Network description

A network


An organism


University Joseph Fourier
An entity


192.168.10.11/24
CICG
A location

Campus of Grenoble
14
Available tools

A data query module

A graphic generator module

A data mining module
15
Architecture
Query
Process
Collector
HTML
Requests
Query Engine
Collected
Data
SQL
Requests
Loader
DB
SQL
Requests
Graphic
Generation
Process
Graphic Generator Engine
Network
Description
SQL
Requests
KDD
Process
Knowledge Discovery
Database Engine
ALARMS
REPPORTS
16
The query tool

To use the SQL power




Sort
Query
Extract
Querying data with a friendly interface
17
Web interface (Question)
18
How does it work?

Parameters processing

JDBC driver loading & connection

Building and executing the SQL query

Displaying the results
19
Web interface (Answer)
20
Graphic generation

A zoom of a network on demand.

A supervision of a determined services
21
Graphic generation: HTTP
22
Functioning

Database system provides data

Querying database (with SQL queries)

Returning results to MRTG for displaying

MRTG Graphics building
23
Graphic generation: SSH
24
Data mining

Produce unknown information



non trivial
Useful
Produce association rules

A and B => C
25
Association rules process
Explanation
Association
Rules
Generation
Corn flakes and sugar  milk
Association
rules
Large
Itemsets
Research
Data
Selection
Knowledge
Large
Itemsets
Set of
Transactions
Database
26
Association rule example
"] 14h-19h]"
AND
"SCAN/REGULAR_SERV"
AND
"[0-1KB]"
AND
53
 "TUESDAY"
(14.8%, 90.4%)
27
Conclusion



A contribution to improve security
A metrology based-application
 Built on a database
 Open & Modular
Who would like to participate?
E-mail : [email protected] 
28
TIGRE
29
Related documents
BIS 3204 Database DB Programming
BIS 3204 Database DB Programming
Elements of SQL Data Definition Language
Elements of SQL Data Definition Language
jAdmin: Remote database admin tool
jAdmin: Remote database admin tool
Document
Document
Unit 5 Study Guide
Unit 5 Study Guide
PPT - ETH Systems Group
PPT - ETH Systems Group
Job Descriptions - Human Resources Department JOB GOAL
Job Descriptions - Human Resources Department JOB GOAL
Business Intelligence and Data Warehousing
Business Intelligence and Data Warehousing
MS-SQL-Developer - Metro Staffing Solutions
MS-SQL-Developer - Metro Staffing Solutions
Data Warehouse performance and maintenance
Data Warehouse performance and maintenance
Software Engineering Syllabus
Software Engineering Syllabus
Smart Search
Smart Search