Distributed audit trail analysis

Authors:
A. Mounji;B. Le Charlier;D. Zampunieris;N. Habra
Affiliations:
-;-;-;-
Venue:
SNDSS '95 Proceedings of the 1995 Symposium on Network and Distributed System Security (SNDSS'95)
Year:
1995

Citing 0
Cited 11

Abstraction-based intrusion detection in distributed environments

ACM Transactions on Information and System Security (TISSEC)
Evaluation of the performance of ID systems in a switched and distributed environment: the RealSecure case study

Computer Networks: The International Journal of Computer and Telecommunications Networking
Evaluation of the performance of ID systems in a switched and distributed environment: the real secure case study

Computer Networks: The International Journal of Computer and Telecommunications Networking
A comparative experimental evaluation study of intrusion detection system performance in a gigabit environment

Journal of Computer Security
Continuous Assessment of a Unix Configuration: Integrating Intrusion Detection and Configuration Analysis

SNDSS '97 Proceedings of the 1997 Symposium on Network and Distributed System Security
LAD: Localization Anomaly Detection forWireless Sensor Networks

IPDPS '05 Proceedings of the 19th IEEE International Parallel and Distributed Processing Symposium (IPDPS'05) - Papers - Volume 01
A privacy-preserving interdomain audit framework

Proceedings of the 5th ACM workshop on Privacy in electronic society
D-SCIDS: distributed soft computing intrusion detection system

Journal of Network and Computer Applications - Special issue: Network and information security: A computational intelligence approach
Towards a dynamic and composable model of trust

Proceedings of the 14th ACM symposium on Access control models and technologies
IT-security and privacy: design and use of privacy-enhancing security mechanisms

IT-security and privacy: design and use of privacy-enhancing security mechanisms
Design and implementation of a decentralized prototype system for detecting distributed attacks

Computer Communications

Quantified Score

Hi-index	0.00

Visualization

Abstract

An implemented system for on-line analysis of multiple distributed data streams is presented. The system is conceptually universal since it does not rely on any particular platform feature and uses format adaptors to translate data streams into its own standard format. The system is as powerful as possible (from a theoretical standpoint) but still efficient enough for on-line analysis thanks to its novel rule-based language (RUSSEL) which is specifically designed for efficient processing of sequential unstructured data streams. The generic concepts are applied to security audit trail analysis. The resulting system provides powerful network security monitoring and sophisticated tools for intrusion/anomaly detection. The rule-based and command languages are described as well as the distributed architecture and the implementation. Performance measurements are reported, showing the effectiveness of the approach.