The system log is very important to a system: from it we can trace the source of a system error or of an external attack. Today's log analysis tools for complex network environments, however, present the user with only a single application's events (for example, a web application's) or some of the system's own error events. The contents of a single system log cannot give a comprehensive analysis of the ins and outs of a security incident and cannot track an attack from beginning to end. When users find they have been attacked, they can find out what the attacker did, but they cannot link the attacker's operations and the path of intrusion together. This paper presents a vision of matching host logging events to intrusion events and building a log-sequence model of a complete intrusion. The full path of an intrusion can then be revealed from the sequence of log events.
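As an added illustration of the idea sketched above (matching host log events to intrusion stages and reading the intrusion path off the resulting sequence), the following Python script is example code written for this page; it is not the paper's own model or implementation. It parses a few constructed syslog-style lines, maps each line to an assumed intrusion stage (recon, access, escalate, persist), correlates the events by actor (source IP, with users linked to the IP of their accepted login), and checks each actor's chain against a simple ordered stage model. The stage names, regular expressions and the `PERSIST_CMDS` heuristic are assumptions chosen for the example.

```python
import re
from dataclasses import dataclass

# Constructed sample host log (syslog-like); not taken from the paper.
SAMPLE_LOG = """\
Mar 10 08:01:02 host1 sshd[4021]: Failed password for root from 198.51.100.7 port 51122 ssh2
Mar 10 08:01:05 host1 sshd[4021]: Failed password for root from 198.51.100.7 port 51123 ssh2
Mar 10 08:01:09 host1 sshd[4025]: Accepted password for alice from 198.51.100.7 port 51130 ssh2
Mar 10 08:02:14 host1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/cat /etc/shadow
Mar 10 08:03:40 host1 sshd[4080]: Accepted publickey for bob from 203.0.113.5 port 40010 ssh2
Mar 10 08:04:01 host1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/sbin/useradd backdoor
"""

# Generic syslog line: timestamp, host, message.
LINE_RE = re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<msg>.+)$")

# Assumed mapping from log message patterns to intrusion stages (illustrative only).
STAGE_PATTERNS = [
    ("recon", re.compile(r"Failed password for (?P<user>\S+) from (?P<ip>\S+)")),
    ("access", re.compile(r"Accepted \w+ for (?P<user>\S+) from (?P<ip>\S+)")),
    ("escalate", re.compile(r"sudo:\s+(?P<user>\S+) : .*COMMAND=(?P<cmd>.+)$")),
]
# Assumed heuristic: privileged commands that establish persistence.
PERSIST_CMDS = ("useradd", "crontab", "authorized_keys")
# The ordered stage model a "complete intrusion" must follow.
INTRUSION_MODEL = ["recon", "access", "escalate", "persist"]


@dataclass
class Event:
    ts: str
    host: str
    actor: str   # correlation key: source IP where known, else user name
    stage: str   # intrusion stage the log event was mapped to
    detail: str  # original message, kept for the analyst


def parse_events(text):
    """Map raw log lines to stage-tagged events, linking users to their login IP."""
    events = []
    ip_of_user = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, host, msg = m.group("ts", "host", "msg")
        for stage, pat in STAGE_PATTERNS:
            pm = pat.search(msg)
            if not pm:
                continue
            g = pm.groupdict()
            if "ip" in g:
                actor = g["ip"]
                if stage == "access":
                    ip_of_user[g["user"]] = g["ip"]  # later sudo events by this user join this IP's chain
            else:
                actor = ip_of_user.get(g["user"], g["user"])
                if any(tok in g["cmd"] for tok in PERSIST_CMDS):
                    stage = "persist"
            events.append(Event(ts, host, actor, stage, msg))
            break
    return events


def build_chains(events):
    """Group events by actor, preserving log order, to form one candidate intrusion sequence per actor."""
    chains = {}
    for ev in events:
        chains.setdefault(ev.actor, []).append(ev)
    return chains


def stage_sequence(chain):
    return [ev.stage for ev in chain]


def matches_model(chain, model=INTRUSION_MODEL):
    """True if every stage of the model appears in the chain in order (as a subsequence)."""
    remaining = iter(stage_sequence(chain))
    return all(stage in remaining for stage in model)


def main():
    chains = build_chains(parse_events(SAMPLE_LOG))
    for actor, chain in chains.items():
        verdict = "COMPLETE INTRUSION" if matches_model(chain) else "partial / benign"
        print(f"{actor}: {' -> '.join(stage_sequence(chain))}  [{verdict}]")
        for ev in chain:
            print(f"    {ev.ts} {ev.host} {ev.stage:8} {ev.detail}")


if __name__ == "__main__":
    main()
```

Running the script prints one chain per actor. The chain for 198.51.100.7 reads recon, recon, access, escalate, persist and matches the full model; the chain for 203.0.113.5 contains only an accepted login and does not. The point the paper makes is visible here: no single line is conclusive, but the ordered sequence correlated on one actor exposes the whole intrusion path.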