Sciweavers

ACSAC
2003
IEEE

Log Correlation for Intrusion Detection: A Proof of Concept

14 years 5 months ago
Log Correlation for Intrusion Detection: A Proof of Concept
Intrusion detection is an important part of networkedsystems security protection. Although commercial products exist, finding intrusions has proven to be a difficult task with limitations under current techniques. Therefore, improved techniques are needed. We argue the need for correlating data among different logs to improve intrusion detection systems accuracy. We show how different attacks are reflected in different logs and argue that some attacks are not evident when a single log is analyzed. We present experimental results using anomaly detection for the virus Yaha. Through the use of data mining tools (RIPPER) and correlation among logs we improve the effectiveness of an intrusion detection system while reducing false positives.
Cristina Abad, Jed Taylor, Cigdem Sengul, William
Added 04 Jul 2010
Updated 04 Jul 2010
Type Conference
Year 2003
Where ACSAC
Authors Cristina Abad, Jed Taylor, Cigdem Sengul, William Yurcik, Yuanyuan Zhou, Kenneth E. Rowe
Comments (0)