Tongxin xuebao (Jan 2003)
Study and implementation of integrated network security monitoring system
Abstract
The main purpose of an intrusion detection system (IDS) is to detect unauthorized use, misuse, and other abuse of computer systems, but it lacks an effective monitoring console. In this paper, a novel model of an integrated network security monitoring system (NSMS) is proposed. NSMS can not only capture different kinds of intrusion events from multiple, distributed, heterogeneous sensors, but also correlate the related proofs and visualize the reasoning process. We present the framework of NSMS and then discuss some key implementation issues, namely proof-getting, proof-correlation and result-visualization. As the kernel of an integrated network security and defense system, the prototype of NSMS has already been developed and tested, and it has proved to be efficient, open and practical in network security monitoring.