Experience with EMERALD to Date
Authors
Abstract
After summarizing the EMERALD architecture and the evolutionary process from which EMERALD has evolved, this paper focuses on our experience to date in designing, implementing, and applying EMERALD to various types of anomalies and misuse. The discussion addresses the fundamental importance of good software engineering practice and the importance of the system architecture in attaining detectability, interoperability, general applicability, and future evolvability. It also considers the importance of correlation among distributed and hierarchical instances of EMERALD, and needs for additional detection and analysis components.
Similar resources
Experience with Emerald to Date 1st Usenix Workshop on Intrusion Detection and Network Monitoring
After summarizing the EMERALD architecture and the evolutionary process from which EMERALD has evolved, this paper focuses on our experience to date in designing, implementing, and applying EMERALD to various types of anomalies and misuse. The discussion addresses the fundamental importance of good software engineering practice and the importance of the system architecture in attaining detect...
Full text
Does Knowledge Management really matter? Linking knowledge management practices, competitiveness and economic performance
For Authors: If you would like to write for this, or any other Emerald publication, then please use our Emerald for Authors service. Information about how to choose which publication to write for and submission guidelines are available for all. Please visit About Emerald www.emeraldinsight.com With over forty years' experience, Emerald Group Publishing is a leading independent publisher of glob...
Full text
EMERALD: Event Monitoring Enabling Responses to Anomalous Live Disturbances
The EMERALD (Event Monitoring Enabling Responses to Anomalous Live Disturbances) environment is a distributed scalable tool suite for tracking malicious activity through and across large networks. EMERALD introduces a highly distributed, building-block approach to network surveillance, attack isolation, and automated response. It combines models from research in distributed high-volume event-co...
Full text
Experiences of Informed Learning in the Undergraduate Classroom
Introduction This chapter discusses using phenomenography to study information experience. Emphasizing the experiential nature of learning, Marton, Runesson, and Tsui (2004, p. 5) made the statement, "Powerful ways of acting spring from powerful ways of seeing." This deceptively simple statement argues for the need for research that reveals the experiences (ways of seeing) of learners. It sug...
Full text
EMERALD: Event Monitoring Enabling Responses to Anomalous Live Disturbances
The EMERALD (Event Monitoring Enabling Responses to Anomalous Live Disturbances) environment is a distributed scalable tool suite for tracking malicious activity through and across large networks. EMERALD introduces a highly distributed, building-block approach to network surveillance, attack isolation, and automated response. It combines models from research in distributed high-volume event-c...
Full text