Adding value to log event correlation using distributed techniques

Authors:
Justin Myers;Michael R. Grimaila;Robert F. Mills
Affiliations:
Air Force Institute of Technology, Wright-Patterson AFB, OH;Air Force Institute of Technology, Wright-Patterson AFB, OH;Air Force Institute of Technology, Wright-Patterson AFB, OH
Venue:
Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research
Year:
2010

Citing 4
Cited 0

Refereed Papers: Real-time Log File Analysis Using the Simple Event Correlator (SEC)

LISA '04 Proceedings of the 18th USENIX conference on System administration
Log-based distributed intrusion detection for hybrid networks

Proceedings of the 4th annual workshop on Cyber security and information intelligence research: developing strategies to meet the cyber security and information intelligence challenges ahead
Managing uncertainty and vagueness in description logics for the Semantic Web

Web Semantics: Science, Services and Agents on the World Wide Web
High speed and robust event correlation

IEEE Communications Magazine

Quantified Score

Hi-index	0.00

Visualization

Abstract

Log management and monitoring activities have traditionally proved very useful in detecting system and network faults. Increasingly, log monitoring has also been recognized for its value in detecting and thwarting malicious behavior on systems and the network. Unfortunately, the centralized methodologies for conducting log monitoring are often not well suited to today's enterprise environment. In this paper, we discuss our ongoing research into distributed event correlation of web server logs. The application of these distributed techniques in conjunction with existing log monitoring methodologies can provide value over centralized approaches by making malicious behavior detection more efficient and effective.