Audit reduction and misuse detection in heterogeneous environments: framework and application
Audit data analysis is a non-invasive method for security assurance that may be used to detect computer misuse and mitigate security risks in large, distributed, open architecture environments. In most real-world environments, the heterogeneous nature of the available audit data combined with environment-specific detection requirements makes it difficult to integrate re-usable detection mechanisms in an effective audit analysis capability. This paper presents a framework for implementing audit reduction and intrusion detection in a heterogeneous environment with a re-usable set of detection mechanisms. Experimental results indicate that this framework brings order to the analysis process and demonstrate the efficacy of the framework for producing cohesive, intuitive audit reduction in a heterogeneous environment with a re-usable detection toolset.