Title :
Temporal and spatial distributed event correlation for network security
Author :
Jiang, Guofei ; Cybenko, George
Author_Institution :
Inst. for Security Technol. Studies, Dartmouth Coll., Hanover, NH, USA
Date :
June 30 2004-July 2 2004
Abstract :
Computer networks produce large amounts of event-based data that can be collected for network security and management analysis. Computer networks are dynamic systems, and network events are the observables of their dynamic activities. Evidence of attacks against a network and its resources is often scattered among these distributed events. Therefore, a critical challenge is to correlate these events across observation space and time to detect various attack scenarios. This paper analyzes how control and estimation methods can be applied to correlate distributed events for network security. Based on those methods, a process query system has been implemented which can scan and correlate distributed network events according to users' high-level descriptions of dynamic processes.
Keywords :
computer network management; query processing; security of data; telecommunication security; computer networks; digital signatures; dynamic processes; dynamic systems; management analysis; network attack detection; network security; query process system; spatial distributed network event correlation; temporal distributed network event correlation;
Conference_Title :
American Control Conference, 2004. Proceedings of the 2004
Conference_Location :
Boston, MA, USA
Print_ISBN :
0-7803-8335-4