- Tytuł:
- Detecting Security Violations Based on Multilayered Event Log Processing
- Autorzy:
-
Malec, P.
Piwowar, M.
Kozakiewicz, A.
Lasota, K. - Powiązania:
- https://bibliotekanauki.pl/articles/307710.pdf
- Data publikacji:
- 2015
- Wydawca:
- Instytut Łączności - Państwowy Instytut Badawczy
- Tematy:
-
HIDS
log analysis
NIDS
syslog - Opis:
- The article proposes a log analysis approach to detection of security violations, based on a four layer design. First layer, named the event source layer, describes sources of information that can be used for misuse investigation. Transport layer represents the method of collecting event data, preserving it in the form of logs and passing it to another layer, called the analysis layer. This third layer is responsible for analyzing the logs' content, picking relevant information and generating security alerts. Last layer, called normalization layer, is custom software which normalizes and correlates produced alerts to raise notice on more complex attacks. Logs from remote hosts are collected by using rsyslog software and OSSEC HIDS with custom decoders and rules is used on a central log server for log analysis. A novel method of handling OSSEC HIDS alerts by their normalization and correlation is proposed. The output can be optionally suppressed to protect the system against alarm flood and reduce the count of messages transmitted in the network.
- Źródło:
-
Journal of Telecommunications and Information Technology; 2015, 4; 30-36
1509-4553
1899-8852 - Pojawia się w:
- Journal of Telecommunications and Information Technology
- Dostawca treści:
- Biblioteka Nauki