Host Event Based Network Monitoring
Chugg, Jonathan
Idaho National Laboratory
Keywords: 99 General And Miscellaneous Cyber Security; Cyber Security; 24 Power Transmission And Distribution; SCADA; Host Event Based Network Monitoring
DOI: 10.2172/1070119; RP-ID: INL/EXT-13-28224; RP-ID: DE-AC07-05ID14517; RP-ID: 1070119
United States | English
Source: UNT Digital Library
[Abstract]
The purpose of INL’s research on this project is to demonstrate the feasibility of a host event based network monitoring tool and the effects on host performance. Current host based network monitoring tools work on polling, which can miss activity if it occurs between polls. Instead of polling, a tool could be developed that makes use of event APIs in the operating system to receive asynchronous notifications of network activity. Analysis and logging of these events will allow the tool to construct the complete real-time and historical network configuration of the host while the tool is running. This research focused on three major operating systems commonly used by SCADA systems: Linux, Windows XP, and Windows 7. Windows 7 offers two paths that have minimal impact on the system and should be seriously considered. First is the new Windows Event Logging API, and, second, Windows 7 offers the ALE API within WFP. Any future work should focus on these methods.
[Preview]
Files | Size | Format | View |
---|---|---|---|
1070119.pdf | 589KB | download |