Security Monitoring


The experts below are selected from a list of 7572 experts worldwide, ranked by the ideXlab platform.

Karim Ganame - One of the best experts on this subject based on the ideXlab platform.

  • A Framework Architecture for Agentless Cloud Endpoint Security Monitoring
    2019 IEEE Conference on Communications and Network Security (CNS), 2019
    Co-Authors: Asem Ghaleb, Issa Traore, Karim Ganame
    Abstract:

    Cloud computing endpoint security monitoring faces more challenges than in traditional networks due to the ephemeral nature of cloud assets. Existing endpoint security monitors use agents that must be installed on every computing host or endpoint. However, as the number of monitored instances increases, agent installation, configuration and maintenance become arduous and require more effort. Moreover, installed agents can increase the security threat footprint, and several companies impose restrictions on using agents on every computing system. This work provides a generic agentless endpoint framework for security monitoring of cloud computing endpoints. The endpoints are accessed by the monitoring framework running on a central server. Since the monitoring framework is separate from the machines being monitored, the various security modules of the framework can perform data retrieval and analysis without utilizing agents executing within the endpoints. The monitoring framework transparently retrieves raw data from the monitored endpoints, which is then fed to the security modules integrated with the framework. These modules analyze the received data to perform security monitoring of the target endpoints. As a use case, a real-time intrusion detection model has been implemented to detect abnormal behaviors on endpoints based on the data collected using the introduced framework.
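To make the architecture above concrete, here is an added Python sketch (not code from the paper or its authors) of a central framework that pulls raw data from endpoints through a pluggable collector and hands it to analysis modules, with a baseline-based anomaly module standing in for the intrusion-detection use case. The endpoint names, snapshot fields and collector transport are assumptions: the collector is simulated with constructed snapshots, where a real deployment would retrieve the same data remotely, for example over SSH or a cloud provider API, so that nothing runs on the endpoints themselves.

```python
"""Agentless endpoint monitoring skeleton: a central framework pulls raw data
from endpoints through a pluggable collector and hands it to security modules.
The collector here is simulated with constructed snapshots; a real deployment
would pull the same data remotely (e.g. over SSH or a cloud provider API).
That transport, and every host name and field below, is an assumption."""
from dataclasses import dataclass
from typing import Dict, List, Protocol, Set, Tuple


@dataclass(frozen=True)
class Alert:
    endpoint: str
    kind: str
    detail: str


class Collector(Protocol):
    """Transport that retrieves raw data from an endpoint without an agent."""
    def fetch(self, endpoint: str) -> dict: ...


class SecurityModule(Protocol):
    """Analysis plug-in that consumes raw data and emits alerts."""
    def analyze(self, endpoint: str, raw: dict) -> List[Alert]: ...


# Constructed raw snapshots keyed by (hypothetical) endpoint name. Each entry
# mimics what a remote process-list / listening-socket collection would return.
SNAPSHOTS: Dict[str, dict] = {
    "web-01": {"processes": [("nginx", "systemd"), ("sshd", "systemd")],
               "listening": [22, 443]},
    "web-02": {"processes": [("nginx", "systemd"), ("sshd", "systemd"),
                             ("nc", "nginx")],          # shell spawned by the web server
               "listening": [22, 443, 4444]},
}


class ConstructedCollector:
    """Stand-in for the remote retrieval step; returns the embedded snapshots."""
    def fetch(self, endpoint: str) -> dict:
        return SNAPSHOTS[endpoint]


class BaselineAnomalyModule:
    """Flags (process, parent) pairs and listening ports that are absent from a
    baseline learned from a known-good endpoint of the same role."""
    def __init__(self) -> None:
        self.procs: Set[Tuple[str, str]] = set()
        self.ports: Set[int] = set()

    def learn(self, raw: dict) -> None:
        self.procs.update(tuple(p) for p in raw["processes"])
        self.ports.update(raw["listening"])

    def analyze(self, endpoint: str, raw: dict) -> List[Alert]:
        alerts: List[Alert] = []
        for name, parent in raw["processes"]:
            if (name, parent) not in self.procs:
                alerts.append(Alert(endpoint, "unknown-process", f"{name} spawned by {parent}"))
        for port in raw["listening"]:
            if port not in self.ports:
                alerts.append(Alert(endpoint, "unknown-listener", f"tcp/{port}"))
        return alerts


class MonitoringFramework:
    """Central-server side: retrieval and analysis both happen here."""
    def __init__(self, collector: Collector, modules: List[SecurityModule]) -> None:
        self.collector = collector
        self.modules = modules

    def run(self, endpoints: List[str]) -> List[Alert]:
        alerts: List[Alert] = []
        for ep in endpoints:
            raw = self.collector.fetch(ep)          # no agent: data is pulled, not pushed
            for module in self.modules:
                alerts.extend(module.analyze(ep, raw))
        return alerts


def demo() -> List[Alert]:
    collector = ConstructedCollector()
    module = BaselineAnomalyModule()
    module.learn(collector.fetch("web-01"))          # web-01 is the known-good golden image
    return MonitoringFramework(collector, [module]).run(["web-01", "web-02"])


if __name__ == "__main__":
    for alert in demo():
        print(alert)
```

The module/collector split mirrors the paper's separation of retrieval from analysis: swapping the constructed collector for a real remote transport changes nothing in the analysis modules, and the endpoint never hosts monitoring code that an attacker could tamper with.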


Jun Hu

Dale Peterson (Digital Bond Inc.)

  • Intrusion detection and cyber Security Monitoring of SCADA and DCS Networks
    ISA Automation West, 2004
    Co-Authors: Dale Peterson (Digital Bond Inc.)
    Abstract:

    Governments and industry organizations, including ISA, have recognized that Supervisory Control and Data Acquisition (SCADA), Distributed Control Systems (DCS), and other process control networks, referred to as SCADA networks in this paper, are potential targets of attack from hackers, disgruntled insiders, cyber terrorists, and others who want to disrupt the critical infrastructure. This paper describes how current intrusion detection and cyber security monitoring products and services used in IT enterprise networks can provide early identification of attacks from the most common threat agents. The deficiencies of the current general IT solutions are discussed, and future SCADA-specific solutions are described. Special emphasis is placed on how intrusion detection can serve as a compensating security control for the lack of security in field communications.
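The compensating-control idea above, as an added example that is not the paper's own code: passive inspection of Modbus/TCP write requests, so that a field protocol with no authentication of its own is at least watched for writes from unexpected masters or to unexpected registers. Modbus is this example's choice of protocol (the abstract names none); the IP addresses, allowed register range and frames are constructed, and only the MBAP header and the first PDU fields are parsed.

```python
"""Passive Modbus/TCP monitoring as a compensating control: the protocol has
no authentication, so the monitor enforces who may write and where.
Modbus is an example choice, not something the paper specifies; all hosts,
register ranges and frames below are constructed, not captured traffic."""
import struct
from typing import List, NamedTuple, Optional, Set, Tuple

WRITE_FUNCTIONS = {5: "Write Single Coil", 6: "Write Single Register",
                   15: "Write Multiple Coils", 16: "Write Multiple Registers"}


class ModbusPDU(NamedTuple):
    transaction: int
    unit: int
    function: int
    address: Optional[int]        # start address for read/write requests


def parse_modbus_tcp(payload: bytes) -> ModbusPDU:
    """Parse the 7-byte MBAP header and the function code / start address."""
    if len(payload) < 8:
        raise ValueError("short frame")
    tid, proto, length, unit = struct.unpack(">HHHB", payload[:7])
    if proto != 0:                                 # protocol identifier must be 0
        raise ValueError(f"protocol id {proto} is not Modbus")
    if length != len(payload) - 6:                 # length counts unit id + PDU
        raise ValueError("MBAP length does not match frame")
    function = payload[7]
    address = struct.unpack(">H", payload[8:10])[0] if len(payload) >= 10 else None
    return ModbusPDU(tid, unit, function, address)


class ModbusWritePolicy:
    """Alerts on writes that the engineering policy does not allow."""
    def __init__(self, masters: Set[str], writable: Tuple[int, int]) -> None:
        self.masters = masters            # hosts allowed to issue writes
        self.lo, self.hi = writable       # register range operators may change

    def inspect(self, src: str, dst: str, payload: bytes) -> List[str]:
        try:
            pdu = parse_modbus_tcp(payload)
        except ValueError as exc:
            return [f"{src}->{dst} malformed Modbus/TCP: {exc}"]
        alerts: List[str] = []
        if pdu.function in WRITE_FUNCTIONS:
            name = WRITE_FUNCTIONS[pdu.function]
            if src not in self.masters:
                alerts.append(f"{src}->{dst} {name} from unauthorized master")
            if pdu.address is not None and not (self.lo <= pdu.address <= self.hi):
                alerts.append(f"{src}->{dst} {name} to register {pdu.address} outside allowed range")
        return alerts


def mbap(tid: int, unit: int, pdu: bytes) -> bytes:
    """Build a Modbus/TCP frame (used only to construct the sample traffic)."""
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


# Constructed traffic: an allowed HMI setpoint write, the same write from a
# rogue host, a multi-register write far outside the operator range, and a read.
SAMPLE_TRAFFIC = [
    ("10.0.1.10", "10.0.2.5", mbap(1, 1, struct.pack(">BHH", 6, 0x0010, 0x01F4))),
    ("10.0.1.99", "10.0.2.5", mbap(2, 1, struct.pack(">BHH", 6, 0x0010, 0x0000))),
    ("10.0.1.10", "10.0.2.5", mbap(3, 1, struct.pack(">BHH", 16, 0x0400, 0x0002)
                                     + b"\x04\x00\x00\x00\x00")),
    ("10.0.1.10", "10.0.2.5", mbap(4, 1, struct.pack(">BHH", 3, 0x0000, 0x000A))),
]


def run_monitor(traffic=SAMPLE_TRAFFIC) -> List[str]:
    policy = ModbusWritePolicy(masters={"10.0.1.10"}, writable=(0x0000, 0x00FF))
    alerts: List[str] = []
    for src, dst, payload in traffic:
        alerts.extend(policy.inspect(src, dst, payload))
    return alerts


if __name__ == "__main__":
    for line in run_monitor():
        print(line)
```

The monitor only observes, which is what makes it deployable on a network where the PLCs cannot be changed: the detection substitutes for the authentication and authorization the field protocol lacks, but it does not stop the write, so alerting latency and response procedures matter as much as the rule itself.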

Thomas Engel

  • A Big Data Architecture for Large Scale Security Monitoring
    2014 IEEE International Congress on Big Data, 2014
    Co-Authors: Samuel Marchal, X. Jiang, Radu State, Thomas Engel
    Abstract:

    Network traffic is a rich source of information for security monitoring. However, the increasing volume of data to treat raises issues, rendering holistic analysis of network traffic difficult. In this paper we propose a solution to cope with the tremendous amount of data to analyse from a security monitoring perspective. We introduce an architecture dedicated to security monitoring of local enterprise networks. The application domain of such a system is mainly network intrusion detection and prevention, but it can be used as well for forensic analysis. This architecture integrates two systems, one dedicated to scalable distributed data storage and management and the other dedicated to data exploitation. DNS data, NetFlow records, HTTP traffic and honeypot data are mined and correlated in a distributed system that leverages state-of-the-art big data solutions. Data correlation schemes are proposed and their performance is evaluated against several well-known big data frameworks including Hadoop and Spark.
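One way to express a correlation scheme of the kind the abstract describes, written here as an added Python example rather than the paper's own code: a map/shuffle/reduce join that keys honeypot, NetFlow and DNS records on an external IP address and reports internal hosts that contacted an address seen attacking the honeypot, together with the name that resolved to it. The three datasets are constructed records with simplified fields and the rule itself is illustrative; the map and reduce functions have the shape of the per-record and per-key stages of a Hadoop MapReduce or Spark job, which is why the join is written this way rather than as nested loops.

```python
"""Correlating DNS, NetFlow and honeypot data with a map/shuffle/reduce join.
The three datasets are constructed records with simplified fields; the rule
(internal hosts that contacted an IP seen attacking the honeypot, plus the
name that resolved to it) is illustrative, not one of the paper's schemes."""
from collections import defaultdict
from typing import Dict, Iterable, List, Tuple

# Constructed inputs (documentation address ranges, not real hosts).
HONEYPOT = [  # (timestamp, attacker_ip, event)
    ("2014-05-01T10:00:00", "203.0.113.7", "ssh-bruteforce"),
    ("2014-05-01T10:05:00", "198.51.100.9", "telnet-login"),
]
NETFLOW = [  # (timestamp, src_ip, dst_ip, dst_port, bytes)
    ("2014-05-01T11:00:00", "10.0.0.21", "203.0.113.7", 443, 51200),
    ("2014-05-01T11:02:00", "10.0.0.21", "192.0.2.80", 80, 800),
    ("2014-05-01T11:10:00", "10.0.0.35", "198.51.100.9", 8080, 2048),
]
DNS = [  # (timestamp, client_ip, qname, answer_ip)
    ("2014-05-01T10:59:58", "10.0.0.21", "cdn-update.example", "203.0.113.7"),
    ("2014-05-01T11:01:50", "10.0.0.21", "www.example.org", "192.0.2.80"),
]

Record = Tuple[str, dict]     # (join key = external IP, source-tagged payload)


def map_honeypot(rows) -> Iterable[Record]:
    for ts, ip, event in rows:
        yield ip, {"src": "honeypot", "event": event, "ts": ts}


def map_netflow(rows) -> Iterable[Record]:
    for ts, src, dst, port, nbytes in rows:
        yield dst, {"src": "netflow", "host": src, "port": port, "bytes": nbytes, "ts": ts}


def map_dns(rows) -> Iterable[Record]:
    for ts, client, qname, answer in rows:
        yield answer, {"src": "dns", "qname": qname, "client": client, "ts": ts}


def shuffle(records: Iterable[Record]) -> Dict[str, List[dict]]:
    """Group tagged records by join key, as the framework's shuffle phase does."""
    groups: Dict[str, List[dict]] = defaultdict(list)
    for key, payload in records:
        groups[key].append(payload)
    return groups


def reduce_key(ip: str, payloads: List[dict]) -> List[dict]:
    """Emit one finding per internal host that contacted an IP seen on the honeypot."""
    attacks = [p for p in payloads if p["src"] == "honeypot"]
    if not attacks:                       # no honeypot evidence: nothing to report
        return []
    names = sorted({p["qname"] for p in payloads if p["src"] == "dns"})
    return [{"attacker_ip": ip, "host": p["host"], "port": p["port"],
             "honeypot_events": sorted(a["event"] for a in attacks),
             "resolved_names": names}
            for p in payloads if p["src"] == "netflow"]


def correlate(honeypot=HONEYPOT, netflow=NETFLOW, dns=DNS) -> List[dict]:
    records = list(map_honeypot(honeypot)) + list(map_netflow(netflow)) + list(map_dns(dns))
    findings: List[dict] = []
    for ip, payloads in shuffle(records).items():
        findings.extend(reduce_key(ip, payloads))
    return sorted(findings, key=lambda f: f["host"])


if __name__ == "__main__":
    for finding in correlate():
        print(finding)
```

Keying every source on the external address is what lets the join scale: each dataset is mapped independently, the expensive step is a single shuffle, and the reducer only ever sees the records for one IP, so the same code handles a few rows here or terabytes of flow and DNS logs on a cluster.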


Asem Ghaleb

  • A Framework Architecture for Agentless Cloud Endpoint Security Monitoring
    2019 IEEE Conference on Communications and Network Security (CNS), 2019
    Co-Authors: Asem Ghaleb, Issa Traore, Karim Ganame
    Abstract: identical to the entry listed under Karim Ganame above.