Common Database Format for Network Security Data

Abstract

In the area of network security, there are numerous tools available for monitoring and for vulnerability scanning, but each has a unique way of representing its results. These log files, sometimes megabytes in size, can take hours or days for a system administrator to wade through. Although it is possible to develop tools to find relationships between events in a single log and even between events in multiple logs from the same tool, there currently is no way of searching for these relationships between different logs from different security tools. This project takes the first step towards this goal by providing: (a) a single relational database in which each tool's log files will be stored, and (b) a mechanism for routinely updating the database with the latest data from these security tools. In the future, this homogeneous format for storing security-related tools' outputs may be used for trend analysis and other data mining techniques in order to discover otherwise obfuscated events.

Document Details

Document Type
Technical Report
Publication Date
Jul 26, 1999
Accession Number
ADA366464

Entities

People

  • Robert A. Mixer

Organizations

  • Air Force Institute of Technology

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Abstracts
  • Air Force
  • Communications Protocols
  • Computer Network Security
  • Computer Science
  • Databases
  • Detection
  • Economic Forecasting
  • Graphical User Interface
  • Information Systems
  • Intrusion
  • Intrusion Detection
  • Language
  • Networks
  • Relational Databases
  • Security
  • User Interface

Fields of Study

  • Computer science

Readers

  • Distributed Systems and Data Platform Development
  • Parallel and Distributed Computing
  • Strategic Security Studies

Technology Areas

  • AI & ML
  • Cyber