Information Assurance Intrusion Detection Sensor Database Design: Lessons Learned

Abstract

Current architectural trends in information assurance for the DOD focus on the fusion and correlation of large volumes of data collected across several intrusion detection systems and boundary devices. To be optimally effective, this data must support near-real-time analysis for immediate situational awareness and long-term trending to identify subtle anomalies and suspicious events that could lead to compromise or denial of service. The obvious benefits of using a relational data model and SQL to help solve this problem continue to be observed at the Air Force Research Laboratory (AFRL). Prototype integration environments for information assurance, using Oracle, have now been used in operational demonstrations. This paper explores the design implications and some operational pitfalls encountered in integrating Relational Database Management System (RDBMS) concepts into these prototype environments.
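The abstract describes a single relational store that receives events from several sensor types and must serve two query patterns: a near-real-time correlation query across sensors, and a long-term trend query that surfaces anomalies. The following is an added example, not code from the report or from AFRL, of what that looks like in the smallest form that runs: a normalised sensor/event schema, a constructed handful of events from a network IDS, a boundary firewall and a host IDS, a correlation query that finds sources seen by two or more distinct sensors inside a time window, and a trend query that flags a signature whose daily count jumps above its own baseline. The report used Oracle; SQLite is substituted here only so the example runs offline, and every table, column and sample value is an assumption of this example.

```python
import sqlite3
from datetime import datetime, timedelta

# Constructed sample data (not from the report): three sensor feeds and a few
# events. Timestamps are ISO 8601 text so string comparison orders them correctly.
SENSORS = [("snort-dmz", "nids"), ("fw-border", "boundary"), ("hids-web01", "hids")]
SAMPLE_EVENTS = [
    # (sensor, timestamp, src_ip, dst_ip, dst_port, signature)
    ("snort-dmz", "2001-01-08T09:00:00", "10.0.0.5", "192.0.2.10", 80, "WEB-MISC /etc/passwd"),
    ("snort-dmz", "2001-01-09T09:30:00", "10.0.0.7", "192.0.2.10", 80, "WEB-MISC /etc/passwd"),
    ("snort-dmz", "2001-01-10T10:00:00", "10.0.0.8", "192.0.2.10", 80, "WEB-MISC /etc/passwd"),
    ("hids-web01", "2001-01-10T11:30:00", "10.0.0.8", "192.0.2.10", 22, "Failed login for root"),
    ("fw-border", "2001-01-10T11:52:00", "198.51.100.9", "192.0.2.10", 22, "DENY inbound tcp/22"),
    ("snort-dmz", "2001-01-10T11:53:30", "198.51.100.9", "192.0.2.10", 80, "WEB-MISC /etc/passwd"),
    ("hids-web01", "2001-01-10T11:54:10", "198.51.100.9", "192.0.2.10", 22, "Failed login for root"),
    ("snort-dmz", "2001-01-10T11:55:00", "198.51.100.9", "192.0.2.11", 80, "WEB-MISC /etc/passwd"),
    ("fw-border", "2001-01-10T11:58:00", "203.0.113.4", "192.0.2.10", 22, "DENY inbound tcp/22"),
]

# Assumed schema: one row per sensor, one row per raw event. The indexes serve
# the two query patterns below (recent window by source, and time-bucketed scans).
SCHEMA = """
CREATE TABLE sensor (
    sensor_id INTEGER PRIMARY KEY,
    name      TEXT NOT NULL UNIQUE,
    kind      TEXT NOT NULL
);
CREATE TABLE event (
    event_id  INTEGER PRIMARY KEY,
    sensor_id INTEGER NOT NULL REFERENCES sensor(sensor_id),
    ts        TEXT NOT NULL,
    src_ip    TEXT NOT NULL,
    dst_ip    TEXT NOT NULL,
    dst_port  INTEGER,
    signature TEXT NOT NULL
);
CREATE INDEX event_src_ts ON event(src_ip, ts);
CREATE INDEX event_ts ON event(ts);
"""


def build_db(events=SAMPLE_EVENTS):
    """Create an in-memory database, load sensors and events, return the connection."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO sensor(name, kind) VALUES (?, ?)", SENSORS)
    ids = {name: sid for sid, name in conn.execute("SELECT sensor_id, name FROM sensor")}
    conn.executemany(
        "INSERT INTO event(sensor_id, ts, src_ip, dst_ip, dst_port, signature) VALUES (?, ?, ?, ?, ?, ?)",
        [(ids[s], ts, src, dst, port, sig) for s, ts, src, dst, port, sig in events],
    )
    conn.commit()
    return conn


def correlated_sources(conn, now_iso, window_minutes=10, min_sensors=2):
    """Near-real-time fusion: sources reported by >= min_sensors distinct sensors
    within the last window_minutes before now_iso. Returns
    (src_ip, sensor_count, first_seen, last_seen) rows, most sensors first."""
    now = datetime.fromisoformat(now_iso)
    cutoff = (now - timedelta(minutes=window_minutes)).isoformat(timespec="seconds")
    sql = """
        SELECT src_ip, COUNT(DISTINCT sensor_id) AS sensors, MIN(ts), MAX(ts)
        FROM event
        WHERE ts >= ?
        GROUP BY src_ip
        HAVING COUNT(DISTINCT sensor_id) >= ?
        ORDER BY sensors DESC, src_ip
    """
    return conn.execute(sql, (cutoff, min_sensors)).fetchall()


def daily_signature_trend(conn):
    """Long-term trending: hits per (day, signature) over the whole table."""
    sql = """
        SELECT substr(ts, 1, 10) AS day, signature, COUNT(*) AS hits
        FROM event
        GROUP BY day, signature
        ORDER BY day, signature
    """
    return conn.execute(sql).fetchall()


def signature_spikes(conn, factor=1.5, min_days=2):
    """Days on which a signature's count exceeds factor x its own daily mean.
    Signatures seen on fewer than min_days days have no usable baseline and are skipped,
    so a brand-new signature does not trivially flag itself."""
    sql = """
        WITH daily AS (
            SELECT substr(ts, 1, 10) AS day, signature, COUNT(*) AS hits
            FROM event GROUP BY day, signature
        ), baseline AS (
            SELECT signature, AVG(hits) AS mean_hits
            FROM daily GROUP BY signature HAVING COUNT(*) >= ?
        )
        SELECT d.day, d.signature, d.hits, b.mean_hits
        FROM daily d JOIN baseline b ON b.signature = d.signature
        WHERE d.hits > ? * b.mean_hits
        ORDER BY d.day, d.signature
    """
    return conn.execute(sql, (min_days, factor)).fetchall()


if __name__ == "__main__":
    db = build_db()
    for row in correlated_sources(db, "2001-01-10T12:00:00"):
        print("correlated:", row)
    for row in signature_spikes(db):
        print("spike:", row)
```

With the constructed data, the correlation query returns only 198.51.100.9, which the firewall, the network IDS and the host IDS all reported inside the ten-minute window; 10.0.0.8 was also seen by two sensors but outside the window, which is the kind of boundary a window query must get right. The trend query flags the web signature on the last day because its three hits exceed 1.5 times its mean of 5/3 over three days.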

Document Details

Document Type
Technical Report
Publication Date
Jan 01, 2001
Accession Number
ADA400127

Entities

People

  • Brian T. Spink
  • Thomas M. Blake
  • Vincent Salerno

Organizations

  • Rome Laboratory

Tags

Communities of Interest

  • Cyber
  • Materials and Manufacturing Processes

DTIC Thesaurus Topics

  • Air Force Research Laboratories
  • Boundaries
  • Computer Programming
  • Database Management Systems
  • Databases
  • Detection
  • Detectors
  • Information Assurance
  • Intrusion
  • Intrusion Detection
  • Intrusion Detection Systems
  • Intrusion Detectors
  • Lessons Learned
  • Relational Database Management Systems
  • Relational Databases
  • Security
  • Situational Awareness

Fields of Study

  • Computer science

Readers

  • Computational Modeling and Simulation
  • Cybersecurity
  • Database Systems and Applications