A Flexible, High Performance Service-Oriented Architecture for Detecting Cyber Attacks
The next generation of intrusion detection and cyber defense technologies must be highly flexible so that deployed solutions can be quickly modified to detect new attack scenarios. They must also be able to provide the performance necessary to monitor traffic from high speed networks, and scale to enterprise wide deployments. In this paper we describe our experiences in creating a production application for cyber situational awareness. The application exploits the capabilities of several independently developed components and integrates them using SIFT (Scalable Information Fusion and Triage), a service-oriented architecture (SOA) designed for creating domain-independent, enterprise scale analytical applications. SIFT exploits a common design pattern for composing analytical components, and extends an existing messaging platform with scaling capabilities. We describe the design of the application, and provide a performance analysis that demonstrates the capabilities of the SIFT platform. The paper concludes by discussing the lessons we have learned from this project, and outlines the architecture of the MeDICI, the next generation of our enterprise analytics platforms.
- Research Organization:
- Pacific Northwest National Laboratory (PNNL), Richland, WA (US)
- Sponsoring Organization:
- USDOE
- DOE Contract Number:
- AC05-76RL01830
- OSTI ID:
- 925494
- Report Number(s):
- PNNL-SA-56843
- Country of Publication:
- United States
- Language:
- English
Similar Records
The MeDICi Integration Framework: A Platform for High Performance Data Streaming Applications
MeDICi: An Open Platform for Sensor Integration