Software Engineering Institute | Carnegie Mellon University
Software Engineering Institute | Carnegie Mellon University

Digital Library

Javascript is currently disabled for your browser. For an optimal search experience, please enable javascript.

Advanced Search

Basic Search

Content Type

Topics

Publication Date

White Paper

Advanced Security Reporting Systems for Large Network Situational Awareness

  • Abstract

    In collaboration with NSA and JTF-GNO, the Network Situational Awareness (NetSA) group at CERT/CC, Software Engineering Institute, Carnegie Mellon University, has developed large-scale network traffic reporting systems that provide analysts with the capacity to dynamically query large summaries of network traffic over time. These systems are deployed on the NIPRNet as part of the JTF Centaur capability. In this presentation we describe the sensor and analysis technologies that support an asset inventory system, and serve as a foundation for a flexible, ad-hoc intrusion detection capability. These facilities have greatly increased our ability to respond strategically to information security challenges, and to detect novel threats to the NIPRNet, in an environment where both attacks and normal traffic are changing continuously.
  • Slides