• DocumentCode
    2702250
  • Title
    Acquisition and visualization of sensitive security audit events
  • Author
    Wang, Baoyun ; Yang, Yingjie
  • Author_Institution
    Inst. of Electron. Technol., Inf. Eng. Univ., Zhengzhou
  • fYear
    2008
  • fDate
    20-23 June 2008
  • Firstpage
    1514
  • Lastpage
    1519
  • Abstract
    Audit data analysis plays a critical role in the field of information security. Acquiring sensitive security audit events (SSAE) and visualizing the correlations among them is an important but very difficult task of audit data analysis. In this paper, we propose an approach to acquire SSAE and present their correlations in the form of graphs. Firstly, we use DWT (discrete wavelet transformation) to obtain sensitive security audit event objects, and then use DBSCAN (a clustering algorithm from KDD) together with database query techniques to obtain the SSAE related to those sensitive objects. Secondly, a security audit event visualization model based on the theory of colored Petri nets is presented to visualize the correlations of SSAE, and the process for acquiring the causal relationships among audit events is given. Lastly, we carry out an experiment, which shows that the proposed approach makes browsing and analysing audit data more convenient for the security auditor.
  • Keywords
    Petri nets; data acquisition; data visualisation; discrete wavelet transforms; security of data; audit data analysis; colored Petri-net; discrete wavelet transformation; information security; sensitive security audit events acquisition; sensitive security audit events visualization; Automation; Clustering algorithms; Data analysis; Data engineering; Data security; Data visualization; Discrete wavelet transforms; Information security; Monitoring; Visual databases
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Information and Automation, 2008. ICIA 2008. International Conference on
  • Conference_Location
    Changsha
  • Print_ISBN
    978-1-4244-2183-1
  • Electronic_ISBN
    978-1-4244-2184-8
  • Type
    conf
  • DOI
    10.1109/ICINFA.2008.4608243
  • Filename
    4608243