U.S. Department of Energy, Office of Scientific and Technical Information (OSTI.GOV)

Title: Bridging the Host-Network Divide: Survey, Taxonomy, and Solution

Abstract

This paper presents a new direction in security awareness tools for system administration: the Host-Network (HoNe) Visualizer. Our requirements for the HoNe Visualizer come from needs system administrators expressed in interviews, from reviewing the literature, and from conducting usability studies with prototypes. We present a tool taxonomy that serves as a framework for our literature review, and we use the taxonomy to show what is missing in the administrator's arsenal. Then we unveil our tool and its supporting infrastructure, which we believe will fill the empty niche. We found that most security tools provide either an internal view of a host or an external view of traffic on a network. Our interviewees revealed how they must construct a mental end-to-end view from separate tools that individually give an incomplete view, expending valuable time and mental effort. Because of limitations designed into TCP/IP [RFC-791, RFC-793], no tool can effectively correlate host and network data into an end-to-end view without kernel modifications. Currently, no other visualization exists to support end-to-end analysis. But HoNe's infrastructure overcomes TCP/IP's limitations, bridging the network and transport layers in the network stack and making end-to-end correlation possible. The capstone is the HoNe Visualizer, which amplifies the users' cognitive power and reduces their mental workload by illustrating the correlated data graphically. Users said HoNe would be particularly good for discovering day-zero exploits. Our usability study revealed that users performed better on intrusion detection tasks using our visualization than with tools they were accustomed to using, regardless of their experience level.

Authors:
Fink, Glenn A.; Duggirala, Vedavyas; Correa, Ricardo; North, Christopher L.
Publication Date:
April 17, 2007
Research Org.:
Pacific Northwest National Lab. (PNNL), Richland, WA (United States)
Sponsoring Org.:
USDOE
OSTI Identifier:
983451
Report Number(s):
PNNL-SA-52883
TRN: US201014%%211
DOE Contract Number:
AC05-76RL01830
Resource Type:
Conference
Resource Relation:
Conference: Proceedings of the 20th USENIX Large Installation Systems Administration Conference (LISA '06), 247-262
Country of Publication:
United States
Language:
English
Subject:
97 MATHEMATICAL METHODS AND COMPUTING; COMPUTER NETWORKS; SECURITY; CRIME DETECTION; COMPUTER CODES; MANAGEMENT; Information visualization; computer security; correlation

Citation Formats

Fink, Glenn A., Duggirala, Vedavyas, Correa, Ricardo, and North, Christopher L. Bridging the Host-Network Divide: Survey, Taxonomy, and Solution. United States: N. p., 2007. Web.
Fink, Glenn A., Duggirala, Vedavyas, Correa, Ricardo, & North, Christopher L. (2007). Bridging the Host-Network Divide: Survey, Taxonomy, and Solution. United States.
Fink, Glenn A., Duggirala, Vedavyas, Correa, Ricardo, and North, Christopher L. 2007. "Bridging the Host-Network Divide: Survey, Taxonomy, and Solution". United States.
@inproceedings{osti_983451,
  title = {Bridging the Host-Network Divide: Survey, Taxonomy, and Solution},
  author = {Fink, Glenn A. and Duggirala, Vedavyas and Correa, Ricardo and North, Christopher L.},
  abstractNote = {This paper presents a new direction in security awareness tools for system administration: the Host-Network (HoNe) Visualizer. Our requirements for the HoNe Visualizer come from needs system administrators expressed in interviews, from reviewing the literature, and from conducting usability studies with prototypes. We present a tool taxonomy that serves as a framework for our literature review, and we use the taxonomy to show what is missing in the administrator's arsenal. Then we unveil our tool and its supporting infrastructure, which we believe will fill the empty niche. We found that most security tools provide either an internal view of a host or an external view of traffic on a network. Our interviewees revealed how they must construct a mental end-to-end view from separate tools that individually give an incomplete view, expending valuable time and mental effort. Because of limitations designed into TCP/IP [RFC-791, RFC-793], no tool can effectively correlate host and network data into an end-to-end view without kernel modifications. Currently, no other visualization exists to support end-to-end analysis. But HoNe's infrastructure overcomes TCP/IP's limitations, bridging the network and transport layers in the network stack and making end-to-end correlation possible. The capstone is the HoNe Visualizer, which amplifies the users' cognitive power and reduces their mental workload by illustrating the correlated data graphically. Users said HoNe would be particularly good for discovering day-zero exploits. Our usability study revealed that users performed better on intrusion detection tasks using our visualization than with tools they were accustomed to using, regardless of their experience level.},
  booktitle = {Proceedings of the 20th USENIX Large Installation Systems Administration Conference (LISA '06)},
  pages = {247--262},
  place = {United States},
  year = {2007},
  month = {apr}
}

Other availability
Please see Document Availability for additional information on obtaining the full-text document. Library patrons may search WorldCat to identify libraries that hold this conference proceeding.
