Title :
Audit reduction and misuse detection in heterogeneous environments: framework and application
Author_Institution :
Sci. Applications Int. Corp., San Diego, CA, USA
Abstract :
Audit data analysis is a non-invasive method for security assurance that may be used to detect computer misuse and mitigate security risks in large, distributed, open architecture environments. In most real-world environments, the heterogeneous nature of the available audit data combined with environment-specific detection requirements makes it difficult to integrate re-usable detection mechanisms in an effective audit analysis capability. This paper presents a framework for implementing audit reduction and intrusion detection in a heterogeneous environment with a re-usable set of detection mechanisms. Experimental results indicate that this framework brings order to the analysis process and demonstrates the efficacy of the framework for producing cohesive, intuitive audit reduction in a heterogeneous environment with a re-usable detection toolset
Keywords :
DP management; auditing; data analysis; distributed processing; open systems; security of data; audit data analysis; audit reduction; computer misuse detection; distributed open architecture environments; environment-specific detection requirements; heterogeneous environments; intrusion detection; noninvasive method; reusable detection mechanisms; security assurance; security risk mitigation; Application software; Computer architecture; Computer security; Data analysis; Data security; Distributed computing; Expert systems; Intrusion detection; Prototypes; Writing;
Conference_Titel :
Computer Security Applications Conference, 1994. Proceedings., 10th Annual
Conference_Location :
Orlando, FL
Print_ISBN :
0-8186-6795-8
DOI :
10.1109/CSAC.1994.367315
