Advanced Security Reporting Systems for Large Network Situational Awareness

Abstract

In collaboration with NSA and JTF-GNO, the Network Situational Awareness (NetSA) group at CERT/CC, Software Engineering Institute, Carnegie Mellon University, has developed large-scale network traffic reporting systems that provide analysts with the capacity to dynamically query large summaries of network traffic over time. These systems are deployed on the NIPRNet as part of the JTF Centaur capability. In this presentation we describe the sensor and analysis technologies that support an asset inventory system, and serve as a foundation for a flexible, ad-hoc intrusion detection capability. These facilities have greatly increased our ability to respond strategically to information security challenges, and to detect novel threats to the NIPRNet, in an environment where both attacks and normal traffic are changing continuously.

Document Details

Document Type: Technical Report
Publication Date: Jun 01, 2005
Accession Number: ADA636358

Entities

People

  • Gregory Virgin
  • Michael D. Collins

Organizations

  • Carnegie Mellon University

Tags

Communities of Interest

  • Cyber
  • Materials and Manufacturing Processes

DTIC Thesaurus Topics

  • Accumulators
  • Computer Network Security
  • Computer Networks
  • Computing System Architectures
  • Detection
  • Detectors
  • Engineering
  • Information Assurance
  • Information Security
  • Intrusion Detection
  • Inventory
  • Low Resolution
  • Networks
  • Security
  • Situational Awareness
  • Software Development
  • Standards

Fields of Study

  • Computer science

Readers

  • Computer Networking
  • Cybersecurity
  • Defense Technology Research and Development