What is Network Security Monitoring (NSM)?
- Monitoring of network traffic to detect cyber threats
- Rule-based inspection of traffic or machine learning-based analysis of flow statistics
- Sensor positioning for monitoring traffic is critical for detection coverage
- Generated alerts require interpretation to filter out false positives and act on detected threats
- CATRIN can enhance NSM in 3 areas:
  - Improved interpretability and analysis through additional network information (NIP Augmentations)
  - Improved detection coverage due to controlled routing through a monitored Autonomous System (AS) (Monitoring-as-a-Feature)
  - New detection opportunities by enforcing monitoring of network traffic along distinct parts of the route (Future work)
- Regardless of how traffic is routed and where sensors are positioned, NSM performance can be improved by designing rules for better specificity and coverage (Detection Rule Design)
