Title :
Distributed audit trail analysis
Author :
Mounji, Abdelaziz ; Le Charlier, Baudouin ; Zampuniéris, Denis ; Habra, Naji
Author_Institution :
Inst. d'Inf., Facultes Univ. Notre-Dame de la Paix, Namur, Belgium
Abstract :
An implemented system for on-line analysis of multiple distributed data streams is presented. The system is conceptually universal: it does not rely on any particular platform feature, and it uses format adaptors to translate incoming data streams into its own standard format. The system is as powerful as possible (from a theoretical standpoint) yet still efficient enough for on-line analysis, thanks to its novel rule-based language, RUSSEL, which is specifically designed for efficient processing of sequential unstructured data streams. The generic concepts are applied to security audit trail analysis. The resulting system provides powerful network security monitoring and sophisticated tools for intrusion and anomaly detection. The rule-based and command languages are described, as well as the distributed architecture and the implementation. Performance measurements are reported, showing the effectiveness of the approach.
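The abstract describes two ideas that carry the whole design: per-source format adaptors that normalize heterogeneous audit records into one standard event format, and rules that run sequentially over the merged stream, keeping state as they go. The following is an added illustration of that architecture, written for this page; it is not RUSSEL, not the authors' code, and the log formats, event schema, `Event`, `syslog_adaptor`, `csv_adaptor`, `merge_streams` and `failed_login_burst_rule` are all hypothetical names and constructed sample data. The point it makes is that a threshold that no single host crosses on its own becomes visible once the distributed streams are normalized and merged.

```python
import re
from dataclasses import dataclass


# Common event format that every adaptor must produce (hypothetical schema,
# standing in for the "own standard format" the abstract refers to).
@dataclass(frozen=True)
class Event:
    ts: int        # seconds since epoch (constructed values below)
    host: str
    user: str
    action: str    # e.g. "login"
    outcome: str   # "ok" or "fail"
    src: str       # source address


# Constructed sample audit streams from two hosts using two different formats.
SYSLOG_STREAM = [
    "1000 alpha sshd: Failed password for root from 10.0.0.5",
    "1002 alpha sshd: Failed password for root from 10.0.0.5",
    "1010 alpha sshd: Accepted password for alice from 10.0.0.9",
]
CSV_STREAM = [
    "1001,beta,root,login,fail,10.0.0.5",
    "1003,beta,root,login,fail,10.0.0.5",
    "1004,beta,root,login,fail,10.0.0.5",
    "1050,beta,bob,login,ok,10.0.0.7",
]

SYSLOG_RE = re.compile(
    r"^(\d+) (\S+) sshd: (Failed|Accepted) password for (\S+) from (\S+)$"
)


def syslog_adaptor(lines):
    """Format adaptor for the syslog-like stream: raw line -> Event."""
    for line in lines:
        m = SYSLOG_RE.match(line)
        if not m:
            continue  # an adaptor drops records it cannot translate
        ts, host, verb, user, src = m.groups()
        outcome = "fail" if verb == "Failed" else "ok"
        yield Event(int(ts), host, user, "login", outcome, src)


def csv_adaptor(lines):
    """Format adaptor for the CSV-like stream: raw line -> Event."""
    for line in lines:
        parts = line.split(",")
        if len(parts) != 6:
            continue
        ts, host, user, action, outcome, src = parts
        yield Event(int(ts), host, user, action, outcome, src)


def merge_streams(*streams):
    """Order the distributed streams by timestamp so rules see one sequence."""
    return sorted((e for s in streams for e in s), key=lambda e: e.ts)


def failed_login_burst_rule(events, threshold=4, window=10):
    """Stateful sequential rule: alert when at least `threshold` failed logins
    for the same (user, source) pair occur within `window` seconds, regardless
    of which host recorded them. Returns a list of (ts, user, src, count)."""
    history = {}  # (user, src) -> timestamps of recent failures
    alerts = []
    for e in events:
        if e.action != "login" or e.outcome != "fail":
            continue
        key = (e.user, e.src)
        recent = [t for t in history.get(key, []) if e.ts - t <= window]
        recent.append(e.ts)
        history[key] = recent
        if len(recent) >= threshold:
            alerts.append((e.ts, e.user, e.src, len(recent)))
            history[key] = []  # one burst produces one alert
    return alerts


def analyze():
    """Run the adaptors, merge the streams and apply the rule."""
    events = merge_streams(syslog_adaptor(SYSLOG_STREAM), csv_adaptor(CSV_STREAM))
    return failed_login_burst_rule(events)


if __name__ == "__main__":
    for alert in analyze():
        print("ALERT", alert)
```

In the constructed data, host alpha sees two failures and host beta three, so neither stream alone reaches the threshold of four; the merged sequence does, at timestamp 1003. The adaptors are deliberately the only place that knows about a concrete log format, which is what lets a rule be written once against the standard schema.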
Keywords :
auditing; computer network management; data analysis; high level languages; knowledge based systems; performance evaluation; RUSSEL rule-based language; anomaly detection tool; command languages; data stream translation; distributed architecture; distributed audit trail analysis; format adaptors; generic concepts; intrusion detection tool; multiple distributed data streams; network security monitoring; on-line analysis; performance measurements; security audit trail analysis; sequential unstructured data streams; Command languages; Computer architecture; Computer security; Data security; Intrusion detection; Measurement; Monitoring; Power system security; Software performance; Testing;
Conference_Title :
Network and Distributed System Security, 1995., Proceedings of the Symposium on
Conference_Location :
San Diego, CA
Print_ISBN :
0-8186-7027-4
DOI :
10.1109/NDSS.1995.390641