• DocumentCode
    425452
  • Title

    Temporal and spatial distributed event correlation for network security

  • Author

    Jiang, Guofei ; Cybenko, George

  • Author_Institution
    Inst. for Security Technol. Studies, Dartmouth Coll., Hanover, NH, USA
  • Volume
    2
  • fYear
    2004
  • fDate
    June 30 2004-July 2 2004
  • Firstpage
    996
  • Abstract
    Computer networks produce a large amount of event-based data that can be collected for network security and management analysis. Computer networks are dynamic systems and network events are the observables of their dynamic activities. Evidence of attacks against a network and its resources is often scattered among these distributed events. Therefore, a critical challenge is to correlate these events across observation space and time to detect various attack scenarios. This paper analyzes how control and estimation methods can be applied to correlate distributed events for network security. Based on those methods, a process query system has been implemented which can scan and correlate distributed network events according to users' high-level description of dynamic processes.
  • Keywords
    computer network management; query processing; security of data; telecommunication security; computer networks; digital signatures; dynamic processes; dynamic systems; management analysis; network attack detection; network security; query process system; spatial distributed network event correlation; temporal distributed network event correlation;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    American Control Conference, 2004. Proceedings of the 2004
  • Conference_Location
    Boston, MA, USA
  • ISSN
    0743-1619
  • Print_ISBN
    0-7803-8335-4
  • Type

    conf

  • Filename
    1386701