Design of a Network-Access Audit Log for Security Monitoring and Forensic Investigation
نویسندگان
چکیده
An attempt at determining the source of anomalous network traffic may result in the identification of the networked system where it originated. From a forensic point of view it is almost impossible to positively identify the application or the user behind the application that generated the traffic. Many users may have been using the networked system and there remains the possibility of network traffic generation by Trojan horses. We propose a network-access log that bridges the gap between system event logs and network monitoring by extending event logging on individual hosts with information pertaining to generation of network traffic. The key contribution of the proposed network access audit log is the establishment of the chain of evidence linking the outgoing traffic to its source thereby improving the network security of an intranet.
منابع مشابه
Analyzing registry, log files, and prefetch files in finding digital evidence in graphic design applications
The products of graphic design applications leave behind traces of digital information which can be used during a digital forensic investigation in cases where counterfeit documents have been created. This paper analyzes the digital forensics involved in the creation of counterfeit documents. This is achieved by first recognizing the digital forensic artifacts left behind from the use of graphi...
متن کاملImproved event logging for security and forensics: developing audit management infrastructure requirements
The design and implementation of audit configurations is often constrained by the audit management interface, which typically models operating system structures rather than real world behavior. This paper argues for the need for improved audit management technology as part of an overall top-down approach in the establishment of IT eventlogging policies and practices. We propose that audit manag...
متن کاملSecurity Analysis of Lightweight Authentication Scheme with Key Agreement using Wireless Sensor Network for Agricultural Monitoring System
Wireless sensor networks have many applications in the real world and have been developed in various environments. But the limitations of these networks, including the limitations on the energy and processing power of the sensors, have posed many challenges to researchers. One of the major challenges is the security of these networks, and in particular the issue of authentication in the wireles...
متن کاملLUARM – An audit engine for insider misuse detection
'Logging User Actions in Relational Mode' (LUARM) is an open source audit engine for Linux. It provides a near real-time snapshot of a number of user action data such as file access, program execution and network endpoint user activities, all organized in easily searchable relational tables. LUARM attempts to solve two fundamental problems of the insider IT misuse domain. The first concerns the...
متن کاملGraded security forensics readiness of SCADA systems
Security event logs are major indicators for the timely discovery of cyberattacks and during security incident examinations. Collection of sufficient logs of events associated with security incident time is critical for effective investigation. SCADA systems logging capabilities are intended for identifying and detecting process disruptions, not security incidents, and are frequently not suitab...
متن کامل