Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
ACSAC
2004
IEEE
2004
IEEE
Extracting Attack Manifestations to Determine Log Data Requirements for Intrusion Detection
Log data adapted for intrusion detection is a little explored research issue despite its importance for successful and efficient detection of attacks and intrusions. This paper presents a starting point in the search for suitable log data by providing a framework for determining exactly which log data that can reveal a specific attack, i.e. the attack manifestations. An attack manifestation consists of the log entries added, changed or removed by the attack compared to normal behaviour. We demonstrate the use of the framework by studying attacks in different types of log data. This work provides a foundation for a fully automated attack analysis. It also provides some pointers for how to define a collection of log elements that are both sufficient and necessary for detection of a specific group of attacks. We believe that this will lead to a log data source that is especially adapted for intrusion detection purposes.
Real-time TrafficRelated Content
| Added | 20 Aug 2010 |
| Updated | 20 Aug 2010 |
| Type | Conference |
| Year | 2004 |
| Where | ACSAC |
| Authors | Emilie Lundin Barse, Erland Jonsson |
Comments (0)
Researcher Info
|
