Title :
RECON-a tool for incident detection, tracking and response
Author :
Koilpillai, Juanita ; Beavers, John B. ; Swinton, Paul
Author_Institution :
Mountain Wave Inc., USA
fDate :
6/22/1905 12:00:00 AM
Abstract :
Recent discussions on the state of Intrusion Detection Systems and Network Security Tools have prompted the notion that what is needed is a solution that can fuse data from heterogeneous distributed network and host sensors; supports sophisticated analysis models and automated responses; provides the user with the appropriate 'situational awareness' so that efforts can be focussed on the right problems; and is "enterprise-aware". This paper presents some key concepts for such a solution by describing a tool, code named RECON, which is a result of extensive research and prototyping performed on an adaptive network security management framework funded by DARPA. This research indicates that in order for RECON to satisfy the stated requirements, it would need a standard message format and protocol; an analytical engine such as a rule-base; a flexible and extensible architecture; a graphical user interface that provides a unified view of various levels of information; a language to capture 'enterprise' rules
Keywords :
computer network management; security of data; Intrusion Detection Systems; RECON; analytical engine; graphical user interface; incident detection; network security management; standard message format; Adaptive systems; Data security; Engines; Fuses; Information analysis; Intrusion detection; Protocols; Prototypes; Sensor fusion; Sensor systems
Conference_Title :
DARPA Information Survivability Conference and Exposition, 2000. DISCEX '00. Proceedings
Conference_Location :
Hilton Head, SC
Print_ISBN :
0-7695-0490-6
DOI :
10.1109/DISCEX.2000.824979