UCLog: A Unified, Correlated Logging Architecture for Intrusion Detection
Authors
Abstract
Activity logs can be used for intrusion detection; however, most previous work on intrusion detection examines only activity logs from a single component. Doing so fails to take advantage of the naturally existing correlations among activities in different types of logs, such as network logs and system call logs. This paper explores correlation for intrusion detection. Specifically, we propose UCLog, a unified logging architecture that can effectively capture correlations among entries in different types of logs. UCLog enables the intrusion detection system to make some sense of the myriad of different available logs and correlate the information the logs present to enhance the intrusion detection process. We have evaluated UCLog by using it to detect the infection of a host with the Yaha virus. Our results show significant improvement when the information available in several logs is correlated.
Similar references
UCLog+ : A Security Data Management System for Correlating Alerts, Incidents, and Raw Data From Remote Logs
Source data for computer network security analysis takes different forms (alerts, incidents, logs) and each source may be voluminous. Due to the challenge this presents for data management, this has often led to security “stovepipe” operations which focus primarily on a small number of data sources for analysis with little or no automated correlation between data sources (although correlation ...
Moving dispersion method for statistical anomaly detection in intrusion detection systems
A unified method for statistical anomaly detection in intrusion detection systems is theoretically introduced. It is based on estimating a dispersion measure of numerical or symbolic data on successive moving windows in time and finding the times when a relative change of the dispersion measure is significant. Appropriate dispersion measures, relative differences, moving windows, as well as tec...
Proposing A Distributed Model For Intrusion Detection In Mobile Ad-Hoc Network Using Neural Fuzzy Interface
Security in mobile ad hoc networks has several aspects because of the special characteristics of these networks. In this paper a distributed architecture is proposed in which each node performs intrusion detection based on its own and its neighbors’ data. A fuzzy-neural interface is used, which combines the learning ability of a neural network with the fuzzy reasoning of a fuzzy system as...
Considerations on Developing a Chainsaw Intrusion Detection and Localization System for Preventing Unauthorized Logging
This work presents a system designed to prevent unauthorized logging by detecting and locating chainsaw sound sources. We analyze the specifics of chainsaw-related sounds and discuss the possible approaches for classifying the input sounds. The work also highlights several approaches for sound source localization that can be used in a wireless sensor network architecture for tracking the as...