Title :
Hierarchical object log format for normalisation of security events
Author :
Sapegin, Andrey ; Jaeger, David ; Azodi, Amir ; Gawron, Marian ; Feng Cheng ; Meinel, Christoph
Author_Institution :
Hasso Plattner Inst. (HPI), Univ. of Potsdam, Potsdam, Germany
Abstract :
The differences in log file formats employed by a variety of services and applications remain a problem for security analysts and for developers of intrusion detection systems. The proposed solution, i.e. the use of common log formats, has seen only limited adoption within existing solutions for security management. In our paper, we reveal the reasons for this limitation. We show the disadvantages of existing common log formats for the normalisation of security events. To address this, we have created a new log format that fits intrusion detection purposes and can be extended easily. Taking previous work into account, we propose the new format as an extension to existing common log formats rather than as a standalone specification.
Keywords :
security of data; system monitoring; hierarchical object log format; intrusion detection systems; security event normalisation; Bridges; Kernel; Receivers; Servers; common log format; intrusion detection; log normalisation;
Conference_Title :
Information Assurance and Security (IAS), 2013 9th International Conference on
Conference_Location :
Gammarth
Print_ISBN :
978-1-4799-2989-4
DOI :
10.1109/ISIAS.2013.6947748