Title: SNORTMART A NETWORK INTRUSION DETECTION SYSTEM DATAMART
Author(s): Mohsen Beheshti, Marcus Mizushima
ISBN: 978-972-8924-40-9
Editors: Jörg Roth, Jairo Gutiérrez and Ajith P. Abraham (series editors: Piet Kommers, Pedro Isaías and Nian-Shing Chen)
Year: 2007
Edition: Single
Keywords: Network, Intrusion Detection, DataMart, SnortMart
Type: Full Paper
First Page: 17
Last Page: 24
Language: English
Paper Abstract:

Network intrusion detection is commonly thought of as the process of determining when unauthorized people are making
an attempt to break into your network. However, this is not a complete picture of network intrusion detection. Though
unauthorized login attempts are an easy-to-understand example of an intrusion, there are other types of activity that are not
as clear-cut, such as probing your network with port scans or pings. Though not a direct attempt to break into your
network, these types of activities are a typical precursor to more hostile activity, and thus are considered an intrusion and
should be identified as such. Network Intrusion Detection Systems (NIDS) capture large amounts of data that are difficult
or impractical to report on and analyze directly from the capture device. It is also common to have more than one NIDS
device, and reporting from a consolidated (multi-NIDS device) perspective can also be difficult or impractical,
depending on the number of NIDS devices. To provide a platform for multi-NIDS device reporting and analysis, this
paper describes the design and implementation of a consolidated database, or DataMart, to store data from multiple Snort NIDS
devices. This consolidated DataMart, called SnortMart, is optimized for reporting and analysis and can provide a
platform for better understanding of NIDS device information.