Log management and monitoring activities have traditionally proved very useful in detecting system and network faults. Increasingly, log monitoring has also been recognized for its value in detecting and thwarting malicious behavior on systems and the network. Unfortunately, the centralized methodologies for conducting log monitoring are often not well suited to today's enterprise environment. In this paper, we discuss our ongoing research into distributed event correlation of web server logs. The application of these distributed techniques in conjunction with existing log monitoring methodologies can provide value over centralized approaches by making malicious behavior detection more efficient and effective.