1 / 29

NetSEC: metrology-based application for network security

NetSEC: metrology-based application for network security. Jean-François SCARIOT Bernard MARTINET Centre Interuniversitaire de Calcul de Grenoble TNC 2002 June 2002. Plan. Metrology Why, what & how? Analyze NetSEC Goals Architecture Available tools Conclusion. why to measure?.

afia
Download Presentation

NetSEC: metrology-based application for network security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. NetSEC: metrology-based application for network security Jean-François SCARIOT Bernard MARTINET Centre Interuniversitaire de Calcul de Grenoble TNC 2002 June 2002

  2. Plan • Metrology • Why, what & how? • Analyze • NetSEC • Goals • Architecture • Available tools • Conclusion

  3. why to measure? • To know network usage • To know network availability • To detect dysfunction • To do cost sharing • Also… to improve security

  4. What and how to measure? • Qualitative: knowing its network • I/O traffic load, CPU load, collision…  Watch the counters of the equipments • Quantitative: controlling its network • Traffic type, I/O traffic load per host or group...  extract information from frameanalysis

  5. Measurement to supervise • Daily supervision (15’ is enough ) • Curves or bar graphs • Always the same "look" “To control and manage a network, you must visualize its behaviour”

  6. Monday April the 2nd 2001 Monday April the 9th 2001 Highlighting a problem A « normal » day May be some problems

  7. Highlighting a problem Unfortunately! Problem discovery is a posteriori We have to go back And analyze the traffic of the involved period.

  8. Traffic analyzing • Locate the host(s) • Date, addresses, intrusion method, extend of the damage… • HOW? • Doing crosschecking • Sorting metrology data on several parameters  Powerful sorting tools are needed!

  9. NetSEC goals • To have an evolving software • To analyze “well-known” data • NetMET • IPtrafic • To support open standards To improve the security of networking computers

  10. NetSEC foundations • Using a relational database • A simple network description • A modular architecture • Using an open source software

  11. Open software • Linux system (Redhat) • MySQL database • Apache Web server • JAVA

  12. About database • JDBC database access • Basic SQL queries • One loader per collector

  13. DB structure • One table for one day (of data) • src@ & dst@ • Date • Port & protocol • Volume • One table for the network description

  14. Network description • A network • 192.168.10.11/24 • An organism • University Joseph Fourier • An entity • CICG • A location • Campus of Grenoble

  15. Available tools • A data query module • A graphic generator module • A data mining module

  16. Collector Collected Data Loader Loader Graphic Generation Process Graphic Generator Engine Network Description ALARMS REPPORTS KDD Process Query Process HTML Requests Knowledge Discovery Database Engine Query Engine SQL Requests SQL Requests SQL Requests Architecture DB

  17. The query tool • To use the SQL power • Sort • Query • Extract • Querying data with a friendly interface

  18. Web interface (Question)

  19. How does it work? • Parameters processing • JDBC driver loading & connection • Building and executing the SQL query • Displaying the results

  20. Web interface (Answer)

  21. Graphic generation • A zoom of a network on demand. • A supervision of a determined services

  22. Graphic generation: HTTP

  23. Functioning • Database system provides data • Querying database (with SQL queries) • Returning results to MRTG for displaying • MRTG Graphics building

  24. Graphic generation: SSH

  25. Data mining • Produce unknown information • non trivial • Useful • Produce association rules • A and B => C

  26. Explanation Association Rules Generation Large Itemsets Research Association rules Database Large Itemsets Data Selection Set of Transactions Knowledge Association rules process Corn flakes and sugar  milk

  27. "] 14h-19h]" AND "SCAN/REGULAR_SERV" AND "[0-1KB]" AND 53  "TUESDAY" (14.8%, 90.4%) Association rule example

  28. Conclusion • A contribution to improve security • A metrology based-application • Built on a database • Open & Modular • Who would like to participate? E-mail : netsec@grenet.fr 

  29. TIGRE

More Related