论文信息 - The “ART” of log correlation: part 1

The “ART” of log correlation: part 1

This is the last article in a three part series on log correlation. Log file correlation is related to two distinct activities: Intrusion Detection and Network Forensics. It is more important than ever that these two disciplines work together in a mutualistic relationship in order to avoid Points of Failure. This paper, intended as a tutorial for those dealing with such issues, presents an overview of log analysis and correlation, with special emphasis on the tools and techniques for managing them within a network forensics context.

Dario Forte

[1] Eoghan Casey,et al. Network traffic as a source of evidence: tool strengths, weaknesses, and future needs , 2004, Digit. Investig..

[2] Cristina L. Abad,et al. Log correlation for intrusion detection: a proof of concept , 2003, 19th Annual Computer Security Applications Conference, 2003. Proceedings..

[3] Bruce Schneier,et al. Secure audit logs to support computer forensics , 1999, TSEC.

[4] Dominique Brodbeck,et al. A Visual Approach for Monitoring Logs , 1998, LISA.

[5] Dario V. Forte. Analyzing the Difficulties in Backtracing Onion Router Traffic , 2002, Int. J. Digit. EVid..