NetSEC: metrology-based application for network security Jean-François SCARIOT Bernard MARTINET Centre Interuniversitaire de Calcul de Grenoble TNC 2002.


1 NetSEC: metrology-based application for network security
- Jean-François SCARIOT, Bernard MARTINET
- Centre Interuniversitaire de Calcul de Grenoble
- TNC 2002, June 2002

2 Plan
- Metrology
- Why, what & how?
- Analyze
- NetSEC
- Goals
- Architecture
- Available tools
- Conclusion

3 Why measure?
- To know network usage
- To know network availability
- To detect dysfunction
- To do cost sharing
- Also… to improve security

4 What and how to measure?
- Qualitative: knowing its network
- I/O traffic load, CPU load, collision…
- Watch the counters of the equipment
- Quantitative: controlling its network
- Traffic type, I/O traffic load per host or group...
- Extract information from frame analysis

5 Measurement to supervise
- Daily supervision (15 is enough)
- Curves or bar graphs
- Always the same "look"
- To control and manage a network, you must visualize its behaviour

6 Highlighting a problem
- Monday April the 2nd 2001
- Monday April the 9th 2001
- A « normal » day
- May be some problems

7 Highlighting a problem
- Unfortunately!
- Problem discovery is a posteriori
- We have to go back
- And analyze the traffic of the involved period.

8 Traffic analyzing
- Locate the host(s)
- Date, addresses, intrusion method, extent of the damage…
- HOW?
- Doing crosschecking
- Sorting metrology data on several parameters
- Powerful sorting tools are needed!

9 NetSEC goals
- To have an evolving software
- To analyze well-known data
- NetMET
- IPtrafic
- To support open standards
- To improve the security of networking computers

10 NetSEC foundations
- Using a relational database
- A simple network description
- A modular architecture
- Using an open source software

11 Open software
- Linux system (Redhat)
- MySQL database
- Apache Web server
- JAVA

12 About database
- JDBC database access
- Basic SQL queries
- One loader per collector

13 DB structure
- One table for one day (of data)
- src@ & dst@
- Date
- Port & protocol
- Volume
- One table for the network description

14 Network description
- A network: 192.168.10.11/24
- An organism: University Joseph Fourier
- An entity: CICG
- A location: Campus of Grenoble

15 Available tools
- A data query module
- A graphic generator module
- A data mining module

16 Architecture
(Diagram; labels as extracted: Query Engine, Query Process, SQL Requests, HTML Requests, Network Description, Loader, Graphic Generation Process, Graphic Generator Engine, SQL Requests, DB, KDD Process, Knowledge Discovery Database Engine, Collector, Collected Data, Loader, SQL Requests, ALARMS, REPORTS)

17 The query tool
- To use the SQL power
- Sort
- Query
- Extract
- Querying data with a friendly interface

18 Web interface (Question)

19 How does it work?
- Parameters processing
- JDBC driver loading & connection
- Building and executing the SQL query
- Displaying the results

20 Web interface (Answer)

21 Graphic generation
- A zoom of a network on demand
- Supervision of specific services

22 Graphic generation: HTTP

23 Functioning
- Database system provides data
- Querying database (with SQL queries)
- Returning results to MRTG for displaying
- MRTG Graphics building

24 Graphic generation: SSH

25 Data mining
- Produce unknown information
- non trivial
- Useful
- Produce association rules
- A and B => C

26 Association rules process
(Diagram; labels as extracted: Database, Set of Transactions, Data Selection, Explanation, Knowledge, Large Itemsets, Large Itemsets Research, Association rules, Association Rules Generation, Corn flakes and sugar milk)

27 Association rule example
"] 14h-19h]" AND "SCAN/REGULAR_SERV" AND "[0-1KB]" AND 53 "TUESDAY" (14.8%, 90.4%)
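The association-rule process of slides 25 to 27, worked on a small scale as an added example (not NetSEC code): constructed flow records are discretized into items and rules of the form A and B => C are scored. Reading the pair of percentages on slide 27 as (support, confidence), the bin edges and all function names are assumptions; the SCAN/REGULAR_SERV class is left out because the slides do not say how it is derived, and exhaustive counting stands in for the large-itemset search.

```python
from collections import Counter
from datetime import datetime
from itertools import combinations

# Constructed records shaped like the daily table on slide 13:
# (date, src@, dst@, port, protocol, volume in bytes). All values are made up.
FLOWS = [
    ("2002-06-04 15:10", "192.168.10.11", "192.168.20.5", 53, "udp", 300),
    ("2002-06-04 16:40", "192.168.10.11", "192.168.20.6", 53, "udp", 420),
    ("2002-06-04 18:05", "192.168.10.11", "192.168.20.7", 53, "udp", 510),
    ("2002-06-04 09:30", "192.168.10.12", "192.168.20.5", 80, "tcp", 48000),
    ("2002-06-05 15:20", "192.168.10.13", "192.168.20.5", 53, "udp", 350),
    ("2002-06-05 10:00", "192.168.10.12", "192.168.20.9", 80, "tcp", 52000),
]
DAYS = ("MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY", "SATURDAY", "SUNDAY")

def to_items(flow):
    """Discretize one record into a transaction; the bin edges are assumptions."""
    ts, _src, _dst, port, _proto, volume = flow
    when = datetime.strptime(ts, "%Y-%m-%d %H:%M")
    slot = "]14h-19h]" if 14 < when.hour + when.minute / 60 <= 19 else "other-hours"
    size = "[0-1KB]" if volume <= 1024 else ">1KB"
    return frozenset({slot, size, f"port={port}", DAYS[when.weekday()]})

def rule_metrics(transactions, antecedent, consequent):
    """Return (support, confidence) of the rule antecedent => consequent."""
    a, c = frozenset(antecedent), frozenset(consequent)
    n_a = sum(1 for t in transactions if a <= t)
    n_ac = sum(1 for t in transactions if (a | c) <= t)
    return n_ac / len(transactions), (n_ac / n_a if n_a else 0.0)

def mine_rules(transactions, min_support, min_confidence):
    """Count every itemset of 2+ items, keep the large ones, emit A => c rules."""
    counts = Counter()
    for t in transactions:
        for k in range(2, len(t) + 1):
            counts.update(frozenset(s) for s in combinations(sorted(t), k))
    large = [s for s, n in counts.items() if n / len(transactions) >= min_support]
    rules = []
    for itemset in large:
        for c in sorted(itemset):
            sup, conf = rule_metrics(transactions, itemset - {c}, {c})
            if conf >= min_confidence:
                rules.append((tuple(sorted(itemset - {c})), c, sup, conf))
    return sorted(rules, key=lambda r: (-r[3], -r[2], r[0], r[1]))

TX = [to_items(f) for f in FLOWS]
if __name__ == "__main__":
    for lhs, rhs, sup, conf in mine_rules(TX, 0.5, 0.75):
        print(" AND ".join(lhs), "=>", rhs, f"({sup:.1%}, {conf:.1%})")
```

A rule with high confidence but low support describes a rare, very regular pattern, which is the kind of entry an analyst would crosscheck against the raw daily table.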

28 Conclusion
- A contribution to improve security
- A metrology-based application
- Built on a database
- Open & Modular
- Who would like to participate?
- E-mail: netsec@grenet.fr

29 TIGRE

