The Emerald Mission-Based Correlation System - An Experimental Data Analysis of Air Force Research Laboratory (AFRL) Air Force Enterprise Defense (AFED) Information Security (INFOSEC) Alarms

Abstract

This project was established to test the efficacy of the SRI EMERALD Mission-based Correlation System (M-Correlator) in analyzing INFOSEC device alerts in the Air Force Research Laboratory Information Directorate (AFRL/IF) Air Force Enterprise Defense (AFED) System. A large set of ISS RealSecure alerts produced within the AFRL network computing environment was analyzed by SRI using M-Correlator. Review of the M-Correlator experimental results identified a significant incident reduction capability, coupled with an effective alert ranking system. M-Correlator provided a two-orders-of-magnitude reduction in alerts and effectively isolated the highest-threat security incidents in the experimental data set. Further development may integrate a future M-Correlator release into the AFRL AFED system.

Document Details

Document Type
Technical Report
Publication Date
Jan 01, 2003
Accession Number
ADA412637

Entities

People

  • Martin Fong
  • Phillip Porras
  • Steven Chung

Organizations

  • SRI International

Tags

Communities of Interest

  • Cyber
  • Energy and Power Technologies
  • Sensors

DTIC Thesaurus Topics

  • Air Force
  • Air Force Research Laboratories
  • Correlators
  • Data Analysis
  • Data Sets
  • Detection
  • Detectors
  • Experimental Data
  • Information Security
  • Intrusion Detection
  • Intrusion Detection Systems
  • Intrusion Detectors
  • Military Research
  • Network Computing
  • Operating Systems
  • Security
  • Vulnerability

Readers

  • Aviation Safety Risk Assessment.
  • Enterprise Information Systems Architecture and Joint Command Capability Interoperability Support.
  • Thermal Physics or Thermal Science.