Modelo de dados de uma base de conhecimento para Internet Early Warning Systems
| Ano de defesa: | 2013 |
|---|---|
| Autor(a) principal: | |
| Orientador(a): | |
| Banca de defesa: | |
| Tipo de documento: | Dissertação |
| Tipo de acesso: | Acesso aberto |
| Idioma: | por |
| Instituição de defesa: |
Universidade Federal de Santa Maria
BR Ciência da Computação UFSM Programa de Pós-Graduação em Informática |
| Programa de Pós-Graduação: |
Não Informado pela instituição
|
| Departamento: |
Não Informado pela instituição
|
| País: |
Não Informado pela instituição
|
| Palavras-chave em Português: | |
| Link de acesso: | http://repositorio.ufsm.br/handle/1/5405 |
Resumo: | The popularization of the Internet has provided an increase in the number of web applications that work with critical information. Parallel to this, attacks that exploit the vulnerabilities of these applications has also grown. This scenario has stimulated companies to invest in tools to monitor their network infrastructure in order to detect malicious activity. One of the main tools used by companies to monitor their network infrastructures and identifying attacks are Intrusion Detection Systems. However, due to expansion of the volume of data in computer networks, these systems are becoming limited. In contrast, researchers have explored the construction of Internet Early Warning Systems to monitor malicious activities on the Internet. This work proposes a data model of a knowledge base for Internet EarlyWarning Systems. The model represents the data of different aspects of the network with a focus on events related to intrusion detection, such as data of alerts generated by intrusion detection systems, information on response measures, traffic statistics and signatures of known attacks. A case study on a real network infrastructure demonstrates the applicability of the data model of knowledge base and identifies the advantages of its use. Furthermore, the data stored in the knowledge base potentializes the construction of situational awareness of monitored environment, directing the activities of the security team and helping in the decision process responses to potential attacks. |