DocumentCode
3473847
Title
Analysis of Log Files Intersections for Security Enhancement
Author
Kowalski, Kazimierz ; Beheshti, Mohsen
Author_Institution
Dept. of Comput. Sci., California State Univ., Carson, CA
fYear
2006
fDate
10-12 April 2006
Firstpage
452
Lastpage
457
Abstract
In this paper, we discuss our research in developing general and systematic methods for intrusion prevention. The key idea is to use data mining techniques to discover regular patterns of system features that describe program and user behavior. Server systems invariably write detailed activity logs that are valuable for detecting intrusions. Unfortunately, production log volumes overwhelm the capacity and manageability of traditional approaches. This paper discusses the issues involved in large-scale log processing that help analyze log records. We propose to analyze intersections of log files that come from different applications and firewalls installed on one computer, and intersections of log files coming from different computers. Intersections of log files are substantially smaller than full logs and consist of records that indicate abnormalities in accessing a single computer or a set of computers. The paper concludes with some lessons we learned in building the system.
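The abstract's central operation, intersecting logs written by different producers on one host and logs from different hosts, can be shown on a small scale. The following is an added illustration, not code from the paper (the paper's record format and join key are not given in this record); it assumes the source IP address as the join key, uses constructed Apache-style access records and iptables-style firewall records, and keeps only the records whose source appears in every log being intersected.

```python
"""Log-file intersection on a shared key (added illustration, not the paper's code).

Assumptions: the join key is the client/source IP address, access logs look
like Apache combined-format lines, and firewall lines carry a SRC= field.
All sample records below are constructed for this example (RFC 5737 test
addresses), not captured data.
"""
import re

HOST_A_ACCESS = """\
203.0.113.7 - - [10/Apr/2006:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 1043
198.51.100.23 - - [10/Apr/2006:10:01:05 +0000] "GET /cgi-bin/../../etc/passwd HTTP/1.1" 404 512
192.0.2.44 - - [10/Apr/2006:10:02:11 +0000] "GET /about.html HTTP/1.1" 200 2210
198.51.100.23 - - [10/Apr/2006:10:02:30 +0000] "POST /login HTTP/1.1" 401 311
"""

HOST_A_FIREWALL = """\
Apr 10 10:00:59 hostA kernel: DROP IN=eth0 SRC=198.51.100.23 DST=10.0.0.5 PROTO=TCP DPT=22
Apr 10 10:01:00 hostA kernel: DROP IN=eth0 SRC=198.51.100.23 DST=10.0.0.5 PROTO=TCP DPT=23
Apr 10 10:03:12 hostA kernel: DROP IN=eth0 SRC=192.0.2.99 DST=10.0.0.5 PROTO=TCP DPT=445
"""

HOST_B_ACCESS = """\
198.51.100.23 - - [10/Apr/2006:10:05:44 +0000] "GET /admin HTTP/1.1" 403 190
203.0.113.7 - - [10/Apr/2006:10:06:01 +0000] "GET /index.html HTTP/1.1" 200 1043
"""

# Source-address extractors for the two constructed formats.
ACCESS_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}) ")
FIREWALL_RE = re.compile(r"\bSRC=(\d{1,3}(?:\.\d{1,3}){3})\b")


def index_by_source(text, pattern):
    """Group one log's raw records by the source address the pattern extracts."""
    index = {}
    for line in text.splitlines():
        m = pattern.search(line)
        if m:  # lines without a recognizable source address are skipped
            index.setdefault(m.group(1), []).append(line)
    return index


def intersect_logs(indexed_logs):
    """Sources present in every given log, with the records behind them.

    indexed_logs: {log_name: {src: [records]}}
    returns:      {src: {log_name: [records]}} for sources common to all logs
    """
    common = set.intersection(*(set(idx) for idx in indexed_logs.values()))
    return {src: {name: idx[src] for name, idx in indexed_logs.items()}
            for src in sorted(common)}


def single_host_intersection():
    """One host, two producers: the web server's log against the packet filter's."""
    return intersect_logs({
        "hostA/access": index_by_source(HOST_A_ACCESS, ACCESS_RE),
        "hostA/firewall": index_by_source(HOST_A_FIREWALL, FIREWALL_RE),
    })


def cross_host_intersection():
    """Two hosts: sources that show up in the logs of both machines."""
    host_a = index_by_source(HOST_A_ACCESS, ACCESS_RE)
    # fold host A's firewall records into the same per-host index first
    for src, recs in index_by_source(HOST_A_FIREWALL, FIREWALL_RE).items():
        host_a.setdefault(src, []).extend(recs)
    host_b = index_by_source(HOST_B_ACCESS, ACCESS_RE)
    return intersect_logs({"hostA": host_a, "hostB": host_b})


def record_counts(intersection, *raw_logs):
    """(records in the full logs, records retained by the intersection)."""
    total = sum(len(t.splitlines()) for t in raw_logs)
    kept = sum(len(recs) for logs in intersection.values() for recs in logs.values())
    return total, kept


if __name__ == "__main__":
    same_host = single_host_intersection()
    print("sources in both hostA logs:", list(same_host))
    print("hostA records total/kept:", record_counts(same_host, HOST_A_ACCESS, HOST_A_FIREWALL))
    print("sources seen on both hosts:", list(cross_host_intersection()))
```

On the constructed data the single-host intersection keeps 4 of 7 records, all from 198.51.100.23, which was dropped on ports 22 and 23 by the firewall and then probed the web server. The cross-host intersection also retains 203.0.113.7, which merely browsed both sites: intersection is a volume-reduction step that narrows what has to be examined, not a verdict on its own, and the retained records still need the kind of pattern analysis the abstract describes.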
Keywords
data mining; recording; security of data; intrusion prevention; large-scale log processing; log files intersections; security enhancement; Companies; Computer crime; Computer networks; Computer security; Data mining; Data security; IP networks; Internet; Intrusion detection; Protection; Intrusion prevention; Log files; Security; architectures
fLanguage
English
Publisher
ieee
Conference_Titel
Information Technology: New Generations, 2006. ITNG 2006. Third International Conference on
Conference_Location
Las Vegas, NV
Print_ISBN
0-7695-2497-4
Type
conf
DOI
10.1109/ITNG.2006.32
Filename
1611634
Link To Document