论文信息 - A Revised Taxonomy of Data Collection Mechanisms with a Focus on Intrusion Detection

A Revised Taxonomy of Data Collection Mechanisms with a Focus on Intrusion Detection

Surprisingly few data collection mechanisms have been used for intrusion detection, and most systems rely on network and system call data as input to the detection engine. Even though the quality of log data is vital to the detection process and heavily dependent on the collection mechanism, no extensive survey or taxonomy has been conducted within the detection field. In this paper, we propose a revised taxonomy which provides a unified terminology and a framework in which data collection mechanisms can be systematically inspected, evaluated, and compared. Since the taxonomy is derived from existing mechanisms, it also provides a useful overview of different types of mechanisms. The paper also suggests areas within data collection where additional work is required.

Erland Jonsson | Stefan Lindskog | Ulf Larson

[1] Carl E. Landwehr,et al. A Taxonomy of Computer Program Security Flaws, with Examples , 1993 .

[2] Teresa F. Lunt,et al. A survey of intrusion detection techniques , 1993, Comput. Secur..

[3] Ulf Lindqvist,et al. On the Fundamentals of Analysis and Detection of Computer Misuse , 1999 .

[4] David L. Mills,et al. Network Time Protocol (Version 3) Specification, Implementation and Analysis , 1992, RFC.

[5] Erland Jonsson,et al. How to systematically classify computer security intrusions , 1997, S&P 1997.

[6] James R. Larus,et al. Efficient program tracing , 1993, Computer.

[7] Erland Jonsson,et al. An intrusion detection-centric taxonomy and survey of data log mechanisms , 2006 .

[8] Beth A. Schroeder. On-Line Monitoring: , 1995 .

[9] Cristina L. Abad,et al. UCLog+ : A Security Data Management System for Correlating Alerts, Incidents, and Raw Data From Remote Logs , 2006, ArXiv.

[10] Carl E. Landwehr,et al. A taxonomy of computer program security flaws , 1993, CSUR.

[11] Beth A. Schroeder. On-Line Monitoring: A Tutorial , 1995, Computer.

[12] Marc Dacier,et al. A revised taxonomy for intrusion-detection systems , 2000, Ann. des Télécommunications.

[13] Marc Dacier,et al. MAFTIA (Malicious− and Accidental− Fault Tolerance for Internet Applications , 2001 .

[14] Stefan Axelsson,et al. Intrusion Detection Systems: A Survey and Taxonomy , 2002 .