Log Correlation for Intrusion Detection: A Proof of Concept

14 years 4 months ago

Download www.acsac.org

Intrusion detection is an important part of networkedsystems security protection. Although commercial products exist, ﬁnding intrusions has proven to be a difﬁcult task with limitations under current techniques. Therefore, improved techniques are needed. We argue the need for correlating data among different logs to improve intrusion detection systems accuracy. We show how different attacks are reﬂected in different logs and argue that some attacks are not evident when a single log is analyzed. We present experimental results using anomaly detection for the virus Yaha. Through the use of data mining tools (RIPPER) and correlation among logs we improve the effectiveness of an intrusion detection system while reducing false positives.

Cristina Abad, Jed Taylor, Cigdem Sengul, William

Real-time Traffic

ACSAC 2003 | Detection Systems Accuracy | Intrusion Detection | Intrusion Detection System | Security Privacy |

claim paper

Post Info
More Details (n/a)

Added	04 Jul 2010
Updated	04 Jul 2010
Type	Conference
Year	2003
Where	ACSAC
Authors	Cristina Abad, Jed Taylor, Cigdem Sengul, William Yurcik, Yuanyuan Zhou, Kenneth E. Rowe

Comments (0)

Sciweavers

Log Correlation for Intrusion Detection: A Proof of Concept

ACSAC 2003 | Detection Systems Accuracy | Intrusion Detection | Intrusion Detection System | Security Privacy |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers