The Center for Education and Research in Information Assurance and Security (CERIAS)

A Standard Audit Trail Format
Proc. of the 18th National Information Systems Security Conference (Oct 1995)

Author

Matt Bishop

Entry type

conference

Abstract

The central role of audit trails, or (more properly) logs, in security monitoring needs little description, for it is too well known for any to doubt it. Auditing, or the analysis of logs, is a central part of security not only in computer system security but also in analyzing financial and other non-technical systems. As part of this process, it is often necessary to reconcile logs from different sources. Consider for example intrusion detection over a network. In this scenario, an intrusion detection system (IDS) monitors several hosts on a network, and from their logs it determines which actions are attempts to violate security (misuse detection) or which actions are not expected (anomaly detection). As some attacks involve the exploitation of concurrent commands, the log records may involve more than one user, process, and system. Further, should the system security officer decide to trace the connections back through other systems, he must be able to correlate the logs of the many different heterogeneous systems through which the attacker may have come.
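The reconciliation problem the abstract describes, as an added illustration that is not part of the paper or of this CERIAS entry: two constructed log sources in different native formats (BSD-style syslog lines and a CSV audit file) are parsed into one common record layout, and a user's login chain is then traced backwards across hosts by matching each login's source host against a corroborating outbound connection recorded on that host. The `Record` layout, the host names, the user, the timestamps and the `SYSLOG_YEAR` constant are all assumptions made for the example; none of it is the format the paper proposes.

```python
import csv
import io
import re
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class Record:
    """Common record layout (an assumption for this example, not the paper's format)."""
    ts: datetime
    host: str
    user: str
    event: str  # "login": user arrived from src; "connect": user opened a session to src
    src: str
    pid: int


# Constructed sample logs; hosts, user and times are made up for the example.
SYSLOG = """\
Oct 12 03:14:07 alpha sshd[812]: Accepted password for mallory from gamma port 40122
Oct 12 03:14:09 alpha telnet[815]: connect to beta port 23 by mallory
"""
CSV_AUDIT = """\
1995-10-12T03:14:10Z,beta,mallory,LOGIN,alpha,301
1995-10-12T03:13:50Z,gamma,mallory,LOGIN,delta,77
1995-10-12T03:14:05Z,gamma,mallory,CONNECT,alpha,78
"""
SYSLOG_YEAR = 1995  # assumption: BSD-style syslog timestamps carry no year

SYSLOG_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) \w+\[(\d+)\]: (.*)$")
ACCEPT_RE = re.compile(r"Accepted \w+ for (\S+) from (\S+) port \d+")
CONNECT_RE = re.compile(r"connect to (\S+) port \d+ by (\S+)")


def parse_syslog(text):
    """Normalize syslog-style lines; lines that are neither a login nor a connect are dropped."""
    out = []
    for line in text.splitlines():
        m = SYSLOG_RE.match(line)
        if not m:
            continue
        stamp, host, pid, msg = m.groups()
        ts = datetime.strptime(f"{SYSLOG_YEAR} {stamp}", "%Y %b %d %H:%M:%S")
        ts = ts.replace(tzinfo=timezone.utc)
        if (a := ACCEPT_RE.search(msg)):
            out.append(Record(ts, host, a.group(1), "login", a.group(2), int(pid)))
        elif (c := CONNECT_RE.search(msg)):
            out.append(Record(ts, host, c.group(2), "connect", c.group(1), int(pid)))
    return out


def parse_csv(text):
    """Normalize CSV audit rows: timestamp,host,user,EVENT,peer,pid."""
    out = []
    for row in csv.reader(io.StringIO(text)):
        if not row:
            continue
        stamp, host, user, event, peer, pid = row
        ts = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        out.append(Record(ts, host, user, event.lower(), peer, int(pid)))
    return out


def load_all():
    """Merge both sources into one time-ordered stream of common records."""
    return sorted(parse_syslog(SYSLOG) + parse_csv(CSV_AUDIT), key=lambda r: r.ts)


def trace_back(records, host, user, before=None, skew=timedelta(seconds=2)):
    """Follow `user`'s login chain backwards from `host`.

    Each hop is the source host of the latest login on the current host; the hop is
    corroborated by an outbound connect record on that source host. `skew` tolerates
    small clock differences between hosts. Returns the hosts nearest-first; the walk
    stops when a host has no login record for the user or cannot corroborate the hop.
    """
    path, cur, t = [host], host, before
    while True:
        logins = [r for r in records if r.host == cur and r.user == user
                  and r.event == "login" and (t is None or r.ts <= t + skew)]
        if not logins:
            break
        login = max(logins, key=lambda r: r.ts)
        prev = login.src
        path.append(prev)
        conns = [r for r in records if r.host == prev and r.user == user
                 and r.event == "connect" and r.src == cur and r.ts <= login.ts + skew]
        if not conns:
            break  # upstream host has no matching record; the chain cannot be confirmed further
        cur, t = prev, min(login.ts, max(c.ts for c in conns))
    return path


if __name__ == "__main__":
    recs = load_all()
    for r in recs:
        print(r.ts.isoformat(), r.host, r.user, r.event, r.src, r.pid)
    print("chain:", " <- ".join(trace_back(recs, "beta", "mallory")))
```

The walk relies on the hosts' clocks being roughly synchronized, which is why a small `skew` tolerance is applied at every comparison; in practice the common record would also need to carry a clock-source or time-zone field so that a correlator can decide how much tolerance each host deserves.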

Address

Davis, CA 95616-8562

Institution

Department of Computer Science - U. of Cal @ Davis

Key alpha

Bishop

Pages

136-145

Publication Date

2001-01-01
