Intelligent Security Console Architecture

摘要

This report addresses the design of an Intelligent Security Console equipped with Intrusion Detection Message Exchange Format (IDMEF) Objects' data mining for the DARPA Ultra*Log Program. It supports the scalable Monitoring and Response security console architecture. The Data Mining capability requires scalability of message management, that has been ensured through incorporation of an XML Database (eXist). Security console is used to query for IDMEF alerts generated across the society by various sensors (including COTS). The results are shown as a tree with the structure corresponding to the security communities' hierarchy in getting the society status through queries and alert messages. The latest version (4.1) of the security console is designed to mine frequent patterns in Intrusion attacks with an XML repository for collecting and organizing alerts and event messages. This ensures scalability and organized storage of voluminous information over a period of time.