SECOR

Sensor Data Correlation Engine for Attack Detection and Support of Decision Process

SECOR stands for Sensor Data Correlation Engine for Attack Detection and Support of Decision Process. The aim of SECOR is to develop a methodology for constructing next-generation IDS/IPS systems with built-in artificial intelligence, capable of signature-less intrusion and anomaly detection.

The SECOR engine consists of three independent Blocks of Analysis (BAs), the correlation module and third-party sensors. The common sources of information for the individual detection methods inside the BAs include vulnerability databases, system calls, logs and NetFlows. The methods used inside the BAs include graph clustering algorithms, Petri nets, neural networks and advanced statistical methods, working in conjunction with the Complex Event Processing (CEP) engine. The BAs send detected events (symptoms of potential threats) in the STIX format to the CEP processor, where they are correlated and further analyzed. The Complex Event Processor analyzes multiple event streams and identifies meaningful patterns by means of complex conditions (rules in a dedicated query language) and temporal windows.

In SECOR we use a number of popular technologies and frameworks, e.g.: the Neo4j graph database with Cypher queries, the Weka suite, WSO2 with Siddhi, Encog, relational databases and more.
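The temporal-window correlation described above, as an added illustration that is not SECOR project code: several BAs emit symptom events, and a rule fires when at least two distinct BAs report the same host inside a sliding 60-second window. The event records, BA names, hosts and symptom labels are constructed for this example, and the records are flattened fields rather than full STIX objects.

```python
# Added illustration (not SECOR code): CEP-style correlator over constructed,
# flattened symptom records (not full STIX objects) from several BAs.
from collections import defaultdict, deque
from dataclasses import dataclass

@dataclass(frozen=True)
class Symptom:
    ts: float     # event time in seconds (assumed already normalised)
    source: str   # emitting Block of Analysis, e.g. "BA-netflow"
    host: str     # affected asset
    kind: str     # symptom label assigned by the BA

class WindowCorrelator:
    """Temporal-window rule: alert when >= min_sources distinct BAs report
    symptoms for one host within `window` seconds of each other."""
    def __init__(self, window=60.0, min_sources=2):
        self.window = window
        self.min_sources = min_sources
        self._per_host = defaultdict(deque)  # host -> events still in window

    def ingest(self, ev):
        q = self._per_host[ev.host]
        q.append(ev)
        # Slide the window: drop events older than `window` before this one.
        while ev.ts - q[0].ts > self.window:
            q.popleft()
        sources = {e.source for e in q}
        if len(sources) < self.min_sources:
            return None
        return {"ts": ev.ts, "host": ev.host, "sources": sorted(sources),
                "kinds": sorted({e.kind for e in q})}

def correlate(events, window=60.0, min_sources=2):
    """Replay events in time order; return the list of correlated alerts."""
    corr = WindowCorrelator(window, min_sources)
    alerts = [corr.ingest(ev) for ev in sorted(events, key=lambda e: e.ts)]
    return [a for a in alerts if a is not None]

# Constructed sample stream from three BAs (hosts and labels are made up).
SAMPLE = [
    Symptom(0.0, "BA-netflow", "10.0.0.5", "port-scan"),
    Symptom(30.0, "BA-syscalls", "10.0.0.5", "suspicious-exec"),  # alert: 2 BAs
    Symptom(100.0, "BA-logs", "10.0.0.9", "auth-failure-burst"),  # single BA
    Symptom(200.0, "BA-netflow", "10.0.0.9", "beaconing"),        # 100 s later
    Symptom(220.0, "BA-logs", "10.0.0.9", "auth-failure-burst"),  # alert: 2 BAs
]
```

`correlate(SAMPLE)` yields two alerts (for 10.0.0.5 at t=30 and 10.0.0.9 at t=220); the lone symptom at t=100 falls outside the window of the later ones and never correlates. A production engine would also suppress repeated alerts for the same window, which this sketch omits.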

Scheduled start date: 2012-12-01
Scheduled finish date: 2015-05-01
Status: completed

Contact:
PCSS
Marcin Jerzak
ul. Dąbrowskiego 79a
60-529 Poznań
tel. 61 858 20 65