Investigating Network Intrusion
Abstract
In today's information-hungry world, vast amounts of data pass through AF networks on a daily basis. Information Assurance, and the Air Force Enterprise Defense (AFED) product in particular, concerns itself with the protection of these networks and associated data. It is not unusual for security databases on large networks to add a million new records per day. The specific size and nature of these data are dynamic, depending greatly upon the number of network security sensors and the network load. While the static administrative data does not impose abnormal loads on the database, the more dynamic network data imposes stress on the database due to its unpredictable volume and insertion rates. When the database contains millions of records, performance can suffer. To keep the database from becoming full or fragmented, these data records must be offloaded at certain intervals. Archiving and then removing network data causes database table sizes to fluctuate, which in turn can impact performance because indexes must be recalculated. Clearly, it is an imposing task to keep the database performing at its optimum. The goal of this paper is to discuss current storage and access methods, their advantages and shortcomings, what new database technologies are available, and what direction the database development should take to best serve the IO/IA environment.
Document Details
- Document Type: Technical Report
- Publication Date: Jan 01, 2003
- Accession Number: ADA412544
Entities
People
- Julia Pilny
Organizations
- Booz Allen Hamilton