Entity Relationship Diagram

http://cyprus.cmcl.cs.cmu.edu/projects/entropy_analysis/chrome/common/er_diagram.png

Entity Descriptions:

  • INTERVALS: top-level information about an interval, which is an aggregation of the flows seen in a 5-minute timespan
  • FLOWS: all of the raw Argus flow-level records (partitioned by interval)
  • METRICS: maps each metric used in the analysis to an integer identifier, with a human-readable name for reference
  • INTERVAL_STATS: an optional per-interval cache of the most recently computed statistics, namely the interval's entropy and deviation scores
  • INTERVAL_ALARMS: alarms raised for an interval by a metric/method pair, based on the interval's deviation scores
  • ALARMS: the types of alarm that can be generated; each is typically associated with a detection method and a deviation score
  • LABELED_FLOWS: flows that were manually labeled as belonging to an attack
  • LABELS: a label associated with one or more flows, describing in human-readable form the attack to which they belong
  • ANOMALIES: high-level types assigned to labels (such as horizontal scan or flood) so that labeled attacks can be looked up by type
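The following is an added, runnable sqlite3 sketch of the model described above; it is not the project's own schema or code. The table names follow the entity list, but every column name, the two metrics (Shannon entropy of destination port and of destination address per interval), the "zscore" method (deviation measured against the mean and population standard deviation of a set of baseline intervals), the alarm threshold of 3, and the traffic itself are constructed assumptions for the example. The constructed data is five baseline intervals of ordinary traffic followed by one interval that also carries a horizontal scan (one source, one port, many hosts), which is then labeled so it can be looked up through ANOMALIES.

```python
"""Added example: sqlite3 model of the INTERVALS/FLOWS/METRICS/... entities.
Column names, metrics, the z-score method and all traffic are assumptions."""
import math
import random
import sqlite3
import statistics
from collections import Counter

INTERVAL_SECONDS = 300   # INTERVALS aggregate flows over 5-minute timespans
ZSCORE_THRESHOLD = 3.0   # assumed |deviation| threshold for the "zscore" alarm

SCHEMA = """
CREATE TABLE INTERVALS (interval_id INTEGER PRIMARY KEY, start_time INTEGER NOT NULL);
CREATE TABLE FLOWS (flow_id INTEGER PRIMARY KEY, interval_id INTEGER REFERENCES INTERVALS,
    src_addr TEXT, dst_addr TEXT, dst_port INTEGER);
CREATE TABLE METRICS (metric_id INTEGER PRIMARY KEY, name TEXT UNIQUE NOT NULL);
CREATE TABLE INTERVAL_STATS (interval_id INTEGER REFERENCES INTERVALS,
    metric_id INTEGER REFERENCES METRICS, entropy REAL, deviation REAL,
    PRIMARY KEY (interval_id, metric_id));
CREATE TABLE ALARMS (alarm_id INTEGER PRIMARY KEY, method TEXT NOT NULL, threshold REAL NOT NULL);
CREATE TABLE INTERVAL_ALARMS (interval_id INTEGER REFERENCES INTERVALS,
    metric_id INTEGER REFERENCES METRICS, alarm_id INTEGER REFERENCES ALARMS, deviation REAL);
CREATE TABLE ANOMALIES (anomaly_id INTEGER PRIMARY KEY, name TEXT UNIQUE NOT NULL);
CREATE TABLE LABELS (label_id INTEGER PRIMARY KEY, description TEXT NOT NULL,
    anomaly_id INTEGER REFERENCES ANOMALIES);
CREATE TABLE LABELED_FLOWS (flow_id INTEGER REFERENCES FLOWS, label_id INTEGER REFERENCES LABELS,
    PRIMARY KEY (flow_id, label_id));
"""
# Metric name -> FLOWS column. A fixed allow-list: the column name is spliced into SQL
# below, so it must never come from user input or an unvalidated table value.
COLUMN_FOR_METRIC = {"dst_port": "dst_port", "dst_addr": "dst_addr"}

def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO METRICS (name) VALUES (?)", [(m,) for m in COLUMN_FOR_METRIC])
    conn.execute("INSERT INTO ALARMS (method, threshold) VALUES (?, ?)", ("zscore", ZSCORE_THRESHOLD))
    return conn

def add_interval(conn, start_time, flows):
    """Insert one interval plus its flows, given as (src, dst, dst_port) tuples."""
    iid = conn.execute("INSERT INTO INTERVALS (start_time) VALUES (?)", (start_time,)).lastrowid
    conn.executemany("INSERT INTO FLOWS (interval_id, src_addr, dst_addr, dst_port) VALUES (?, ?, ?, ?)",
                     [(iid, s, d, p) for s, d, p in flows])
    return iid

def shannon_entropy(values):
    """Shannon entropy in bits of the empirical distribution of `values`."""
    counts = Counter(values)
    n = sum(counts.values())
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def compute_stats(conn, baseline_ids):
    """Fill INTERVAL_STATS for every interval and metric: entropy, and deviation as a
    z-score against the baseline intervals' mean / population stddev. Any |deviation|
    above the zscore ALARMS threshold becomes an INTERVAL_ALARMS row."""
    alarm_id, threshold = conn.execute("SELECT alarm_id, threshold FROM ALARMS WHERE method='zscore'").fetchone()
    interval_ids = [r[0] for r in conn.execute("SELECT interval_id FROM INTERVALS ORDER BY interval_id")]
    for metric_id, name in conn.execute("SELECT metric_id, name FROM METRICS").fetchall():
        column = COLUMN_FOR_METRIC[name]   # KeyError on anything outside the allow-list
        entropy = {iid: shannon_entropy([r[0] for r in conn.execute(
            f"SELECT {column} FROM FLOWS WHERE interval_id=?", (iid,))]) for iid in interval_ids}
        base = [entropy[i] for i in baseline_ids]
        mean, sd = statistics.mean(base), statistics.pstdev(base)
        for iid in interval_ids:
            if sd > 0:
                dev = (entropy[iid] - mean) / sd
            else:   # degenerate baseline: identical entropies; any change is "infinitely" far
                dev = 0.0 if entropy[iid] == mean else math.copysign(float("inf"), entropy[iid] - mean)
            conn.execute("INSERT INTO INTERVAL_STATS VALUES (?, ?, ?, ?)", (iid, metric_id, entropy[iid], dev))
            if abs(dev) > threshold:
                conn.execute("INSERT INTO INTERVAL_ALARMS VALUES (?, ?, ?, ?)", (iid, metric_id, alarm_id, dev))
    conn.commit()

def label_flows(conn, flow_ids, description, anomaly):
    """Attach a human-readable LABEL (typed via ANOMALIES) to a set of flows."""
    conn.execute("INSERT OR IGNORE INTO ANOMALIES (name) VALUES (?)", (anomaly,))
    (aid,) = conn.execute("SELECT anomaly_id FROM ANOMALIES WHERE name=?", (anomaly,)).fetchone()
    lid = conn.execute("INSERT INTO LABELS (description, anomaly_id) VALUES (?, ?)", (description, aid)).lastrowid
    conn.executemany("INSERT INTO LABELED_FLOWS VALUES (?, ?)", [(f, lid) for f in flow_ids])
    conn.commit()
    return lid

def alarmed_intervals(conn, metric):
    return [r[0] for r in conn.execute("SELECT ia.interval_id FROM INTERVAL_ALARMS ia "
        "JOIN METRICS m USING (metric_id) WHERE m.name=? ORDER BY 1", (metric,))]

def labeled_flow_count(conn, anomaly):
    (n,) = conn.execute("SELECT COUNT(*) FROM LABELED_FLOWS lf JOIN LABELS l USING (label_id) "
        "JOIN ANOMALIES a USING (anomaly_id) WHERE a.name=?", (anomaly,)).fetchone()
    return n

def build_demo():
    """Constructed traffic (not captured data): five baseline intervals of 40 ordinary flows,
    then one interval that also contains a 120-host horizontal scan on port 445."""
    rng = random.Random(7)
    servers = [f"192.0.2.{i}" for i in range(10, 15)]
    ports = [22, 25, 53, 80, 443]
    normal = lambda n: [(f"10.0.0.{rng.randint(1, 8)}", rng.choice(servers), rng.choice(ports)) for _ in range(n)]
    conn, t0 = open_db(), 1_600_000_000
    baseline = [add_interval(conn, t0 + k * INTERVAL_SECONDS, normal(40)) for k in range(5)]
    scan = [("10.0.0.99", f"198.51.100.{h}", 445) for h in range(1, 121)]
    scan_iid = add_interval(conn, t0 + 5 * INTERVAL_SECONDS, normal(40) + scan)
    compute_stats(conn, baseline)
    scan_flows = [r[0] for r in conn.execute(
        "SELECT flow_id FROM FLOWS WHERE interval_id=? AND src_addr='10.0.0.99'", (scan_iid,))]
    label_flows(conn, scan_flows, "SMB sweep of 198.51.100.0/24 from 10.0.0.99", "horizontal scan")
    return conn, baseline, scan_iid

if __name__ == "__main__":
    conn, baseline, scan_iid = build_demo()
    print("dst_port alarms:", alarmed_intervals(conn, "dst_port"), "dst_addr alarms:", alarmed_intervals(conn, "dst_addr"))
    print("flows labeled 'horizontal scan':", labeled_flow_count(conn, "horizontal scan"))
```

The scan drives the two metrics in opposite directions, which is why both are worth caching in INTERVAL_STATS: destination-port entropy collapses (most flows now go to 445) while destination-address entropy jumps (120 new hosts), so the interval gets a strongly negative deviation on one metric and a strongly positive one on the other, and INTERVAL_ALARMS records a row for each metric/method pair that crossed the threshold. Because deviations are z-scores against the baseline's population standard deviation, a baseline interval can never exceed sqrt(n-1) from its own population, so with five baseline intervals none of them can alarm at a threshold of 3.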