Data Organization and Abstraction for Distributed Intrusion Detection

Show full item record

Title: Data Organization and Abstraction for Distributed Intrusion Detection
Author: McBride, Sean Patrick
Advisors: Dr. Christopher G. Healey, Committee Member
Dr. Robert St. Amant, Committee Chair
Dr. Laurie Williams, Committee Member
Abstract: Due to the rapid pace of technological development, we find that old systems are 'thrown away' in favor of newer technology. However, we find that data created by these earlier systems is persistent. A Digital Rosetta Stone [16] must be created to allow newer systems to correctly process data created by earlier technology. This document provides a case study of techniques that can be used to create a Digital Rosetta Stone between data formats and within a single evolving format. The intrusion detection domain provides a solid basis for this study. In a distributed intrusion detection system, many sensors and analyzers must communicate with each other. The Intrusion Detection Message Exchange Format (IDMEF) is a standardized XML format for such communication. To its detriment, the IDMEF specification has been evolving since its inception. Also, the XML parsing during queries can be cumbersome and hinder intrusion detection. Therefore, two Digital Rosetta Stones were created. One migrates information between different versions of the IDMEF standard. The other translates IDMEF XML information into a relational database management system to improve query performance.
Date: 2005-04-06
Degree: MS
Discipline: Computer Science
URI: http://www.lib.ncsu.edu/resolver/1840.16/1061


Files in this item

Files Size Format View
etd.pdf 331.2Kb PDF View/Open

This item appears in the following Collection(s)

Show full item record