Events Classification in Log Audit
Authors
Abstract
Information security auditing is a monitoring and logging mechanism for ensuring compliance with regulations and for detecting anomalies, security breaches, and privacy violations; however, auditing too many events consumes excessive system resources and degrades performance. Consequently, events are classified so that they can be prioritized and the logging system configured accordingly. Rules applied according to this classification decide which events are archived and which types of actions an event invokes. Current classification methodologies are tied to specific types of incidents and are expressed in system-dependent terms. In this paper, we propose a conceptual model that produces an implementation-independent logging scheme for monitoring events.
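As an added illustration of the scheme the abstract describes (normalizing events from different sources into one source-independent model, classifying them by an abstract category, then applying rules keyed on that classification to decide what is archived and which actions are invoked), the following Python program is example code written for this page; it is not the paper's model or code. The event categories, priority levels, lockout threshold, both input formats and the sample log lines are assumptions constructed for the demonstration.

```python
"""Added example (not from the paper): classification-driven audit logging.
Event categories, priorities, thresholds and both log formats are assumed."""
import json
import re
from dataclasses import dataclass
from enum import IntEnum
from typing import Dict, List, Optional


class Priority(IntEnum):
    LOW = 1
    MEDIUM = 2
    HIGH = 3
    CRITICAL = 4


@dataclass
class Event:
    """Source-independent event record (assumed schema)."""
    source: str
    category: str   # auth, authz, data, config, system
    action: str
    outcome: str    # "success" or "failure"
    actor: str
    target: str
    raw: str


@dataclass
class Decision:
    archive: bool
    actions: List[str]


# Assumed mapping from a concrete action name to an abstract event category.
CATEGORY_BY_ACTION = {
    "login": "auth", "logout": "auth", "sudo": "authz", "read": "data",
    "write": "data", "delete": "data", "setconfig": "config", "reboot": "system",
}

# Constructed syslog-like format: "<host> <prog>: <action> <outcome> user=<u> target=<t>"
SYSLOG_RE = re.compile(
    r"^(?P<host>\S+) (?P<prog>\w+): (?P<action>\w+) (?P<outcome>success|failure)"
    r" user=(?P<actor>\S+) target=(?P<target>\S+)$"
)


def parse_syslog(line: str) -> Optional[Event]:
    m = SYSLOG_RE.match(line.strip())
    if m is None:
        return None
    g = m.groupdict()
    return Event(g["prog"], CATEGORY_BY_ACTION.get(g["action"], "system"),
                 g["action"], g["outcome"], g["actor"], g["target"], line)


def parse_json(line: str) -> Optional[Event]:
    """Constructed JSON format with keys src, action, ok, user, obj."""
    try:
        d = json.loads(line)
    except ValueError:
        return None
    action = str(d.get("action", ""))
    return Event(str(d.get("src", "?")), CATEGORY_BY_ACTION.get(action, "system"),
                 action, "success" if d.get("ok") else "failure",
                 str(d.get("user", "?")), str(d.get("obj", "?")), line)


def parse(line: str) -> Optional[Event]:
    return parse_json(line) if line.lstrip().startswith("{") else parse_syslog(line)


def classify(ev: Event) -> Priority:
    """Priority is derived from the abstract category, never from the source format."""
    if ev.category == "auth":
        return Priority.MEDIUM if ev.outcome == "failure" else Priority.LOW
    if ev.category == "authz":
        return Priority.HIGH
    if ev.category == "data":
        return Priority.HIGH if ev.action == "delete" else Priority.MEDIUM
    if ev.category == "config":
        return Priority.CRITICAL
    return Priority.LOW


def apply_rules(ev: Event, prio: Priority, failures: Dict[str, int]) -> Decision:
    """Rules keyed on the classification decide archival and invoked actions.
    `failures` carries per-actor state across events for the lockout rule."""
    archive = prio >= Priority.MEDIUM          # LOW events are dropped to save resources
    actions: List[str] = []
    if prio >= Priority.HIGH:
        actions.append("alert")
    if prio == Priority.CRITICAL:
        actions.append("page_oncall")
    if ev.category == "auth" and ev.outcome == "failure":
        failures[ev.actor] = failures.get(ev.actor, 0) + 1
        if failures[ev.actor] >= 3:            # assumed lockout threshold
            actions.append("lock_account")
            archive = True
    return Decision(archive, actions)


def process(lines):
    """Return (event, priority, decision) for every parseable line, in order."""
    failures: Dict[str, int] = {}
    out = []
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        prio = classify(ev)
        out.append((ev, prio, apply_rules(ev, prio, failures)))
    return out


# Constructed sample input mixing the two source formats.
SAMPLE_LINES = [
    "host1 sshd: login failure user=alice target=host1",
    '{"src":"app","action":"read","ok":true,"user":"bob","obj":"/reports/q1.pdf"}',
    "host1 sshd: login failure user=alice target=host1",
    "host1 sshd: login failure user=alice target=host1",
    '{"src":"app","action":"setconfig","ok":true,"user":"admin","obj":"audit.level"}',
    "host2 sudo: sudo success user=carol target=root",
    "host1 sshd: login success user=dave target=host1",
]

if __name__ == "__main__":
    for ev, prio, dec in process(SAMPLE_LINES):
        print(f"{prio.name:<8} archive={dec.archive!s:<5} actions={dec.actions} <- {ev.raw}")
```

The point of the split between `parse_*`, `classify` and `apply_rules` is that only the parsers know anything about a concrete log format; the classification and the archival/action rules operate on the abstract `Event`, so a new log source is added by writing one parser without touching the policy. The lockout rule also shows that some decisions need state across events, which a per-line classification alone cannot express.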
Similar sources
Using Event Attribute Name-Value Pairs for Summarizing Log Data
Security loggers such as network intrusion detection sensors and operating system audit recorders typically produce a large volume of events, the magnitude of which can make detailed manual analysis (e.g., investigating a security incident) prohibitive. However, it is often only through such analysis that computer security professionals can meaningfully tune audit policy and operational configu...
Audit Log Analysis Using the Visual Audit Browser Toolkit
This paper describes the design and implementation of the Visual Audit Browser (VAB) Toolkit, which provides a visual interface for browsing Sun BSM audit logs. Applications of the VAB Toolkit include investigating security violations and more routine system administration tasks. The low level of abstraction in the logs, the large size of the logs, and the lack of association indication in the...
Audit Trail Based on Process Mining and Log
An audit trail is evidence of all procedures that take place in a system and across a network; it provides an outline of user/system events so that security events can be associated with the actions of a specific individual or system element. Audit trails can be inspected for the existence or nonexistence of certain patterns. Audit trails can be used for measuring security issues, acces...
Modifying Without a Trace: General Audit Guidelines are Inadequate for Electronic Health Record Audit Mechanisms
Without adequate audit mechanisms, electronic health record (EHR) systems remain vulnerable to undetected misuse. Users could modify or delete protected health information without these actions being traceable. The objective of this paper is to assess electronic health record audit mechanisms to determine the current degree of auditing for non-repudiation and to assess whether general audit gui...
Tamper Detection in Audit Logs
Audit logs are considered good practice for business systems, and are required by federal regulations for secure systems, drug approval data, medical information disclosure, financial records, and electronic voting. Given the central role of audit logs, it is critical that they are correct and inalterable. It is not sufficient to say, “our data is correct, because we store all interactions in a...