SDCI Sec Improvement: Enhancing Bro for Operational Network Security Monitoring in Scientific Environments

SDCI Sec 改进：增强 Bro 在科学环境中进行运营网络安全监控

• 批准号: 1032889
• 负责人: Robin Sommer
• 金额: $ 299.59万
• 依托单位: International Computer Science Institute
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2010
• 资助国家: 美国
• 起止时间: 2010-09-01 至 2014-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1032889&HistoricalAwards=false
• 关键词: SDCI; Sec; Improvement; Enhancing; Bro

Over recent years, significant effort has gone into ensuring highavailability and integrity of NSF-funded large-scale computationalresearch cyberinfrastructure. This project targets the improvementof a particular security component that is widely used to protectthese NSF investments: the open-source "Bro" intrusion detectionframework, which is deployed by major universities, large researchlabs, supercomputing centers, and open-science communities. Bro'spopularity is a two-edged sword, however, as it comes with demandsthat are often difficult to meet for the small research team behindthe system. Therefore, this work establishes a sustainabledevelopment model for Bro by providing explicit engineeringresources outside of the scope of research efforts, and uses them toadvance the system to a state at which Bro's user community can takea more active role in its future development. More specifically, this project (1) improves the perspective ofBro's end-users by providing extensive up-to-date documentation andsupport, and refining many of the rough edges that the system hasaccumulated over time; (2) unifies and modernizes Bro's current codebase that has evolved over 14 years of active development; (3)improves Bro's processing performance to the degree required foroperation in current and future large-scale scientific environments;and (4) adds new data analysis functionality in the form of a highlyinteractive graphical user interface and a transparent databaseinterface. By specifically addressing much of the feedback the Broteam has received from users, the project enables a wide range ofnew sites to use Bro effectively for protecting theircyberinfrastructure.

近年来，在确保NSF资助的大规模计算研究网络基础设施的高可用性和完整性方面做出了重大努力。该项目的目标是改进广泛用于保护这些NSF投资的特定安全组件：开源“Bro”入侵检测框架，该框架由主要大学，大型研究实验室，超级计算中心和开放科学社区部署。然而，Bro的声望是一把双刃剑，因为它带来的需求往往难以满足系统背后的小研究团队。因此，本工作通过提供研究工作范围之外的明确工程资源，为Bro建立了一个可持续发展的模型，并使用它们来推进系统，使Bro的用户社区能够在其未来的发展中发挥更积极的作用。更具体地说，该项目（1）通过提供广泛的最新文档和支持，改善了Bro最终用户的观点，并改进了系统随着时间的推移而积累的许多粗糙边缘;（2）统一和现代化了Bro经过14年积极开发而发展起来的现有代码库;（3）将Bro的处理性能提高到在当前和未来的大规模科学环境中运行所需的程度;（4）以高度交互的图形用户界面和透明的数据库界面的形式增加了新的数据分析功能。通过专门处理Broteam从用户那里收到的大部分反馈，该项目使广泛的新网站能够有效地使用Bro来保护他们的网络基础设施。