Distributed Audit Trail Analysis
Author
Abdelaziz Mounji, Baudouin Le Charlier, Denis Zampunieris, Naji Habra
Entry type
misc
Abstract
An implemented system for on-line analysis of multiple distributed data streams is presented. The system is conceptually universal since it does not rely on any particular platform feature and uses format adaptors to translate data streams into its own standard format. The system is as powerful as possible (from a theoretical standpoint) but still efficient enough for on-line analysis thanks to its rule-based language (RUSSEL), which is specifically designed for efficient processing of sequential unstructured data streams.

In this paper, the generic concepts are applied to security audit trail analysis. The resulting system provides powerful network security monitoring and sophisticated tools for intrusion/anomaly detection. The rule-based and command languages are described, as well as the distributed architecture and the implementation. Performance measurements are reported, showing the effectiveness of the approach.
Date
1994 – November
Address
B-5000 Namur, Belgium
Institution
Institut d
Key alpha
Mounji
Publication Date
1970-11-30
Location
A hard-copy of this is in the Papers Cabinet