Log Correlation for Intrusion Detection: A Proof of Concept

Executive Summary

Intrusion detection is an important part of protecting the security of networked systems. Although commercial products exist, finding intrusions has proven to be a difficult task, and current techniques have limitations; improved techniques are therefore needed. The authors argue that data from different logs must be correlated to improve the accuracy of intrusion detection systems. They show how different attacks are reflected in different logs and argue that some attacks are not evident when only a single log is analyzed. The authors present experimental results using anomaly detection for the Yaha virus. Through the use of a data mining tool (RIPPER) and correlation among logs, the authors improve the effectiveness of an intrusion detection system while reducing false positives.

  • Format: PDF
  • Size: 96.4 KB