TY - GEN
T1 - Distributed audit trail analysis
AU - Mounji, Abdelaziz
AU - Le Charlier, Baudouin
AU - Zampuniéris, Denis
AU - Habra, Naji
PY - 1995/1/1
Y1 - 1995/1/1
N2 - An implemented system for on-line analysis of multiple distributed data streams is presented. The system is conceptually universal since it does not rely on any particular platform feature and uses format adaptors to translate data streams into its own standard format. The system is as powerful as possible (from a theoretical standpoint) but still efficient enough for on-line analysis thanks to its novel rule-based language (RUSSEL), which is specifically designed for efficient processing of sequential unstructured data streams. In this paper, the generic concepts are applied to security audit trail analysis. The resulting system provides powerful network security monitoring and sophisticated tools for intrusion/anomaly detection. The rule-based and command languages are described, as well as the distributed architecture and the implementation. Performance measurements are reported, showing the effectiveness of the approach.
AB - An implemented system for on-line analysis of multiple distributed data streams is presented. The system is conceptually universal since it does not rely on any particular platform feature and uses format adaptors to translate data streams into its own standard format. The system is as powerful as possible (from a theoretical standpoint) but still efficient enough for on-line analysis thanks to its novel rule-based language (RUSSEL), which is specifically designed for efficient processing of sequential unstructured data streams. In this paper, the generic concepts are applied to security audit trail analysis. The resulting system provides powerful network security monitoring and sophisticated tools for intrusion/anomaly detection. The rule-based and command languages are described, as well as the distributed architecture and the implementation. Performance measurements are reported, showing the effectiveness of the approach.
UR - http://www.scopus.com/inward/record.url?scp=0002535673&partnerID=8YFLogxK
U2 - 10.1109/NDSS.1995.390641
DO - 10.1109/NDSS.1995.390641
M3 - Conference contribution
AN - SCOPUS:0002535673
T3 - Proceedings of the Symposium on Network and Distributed System Security, NDSS 1995
SP - 102
EP - 112
BT - Proceedings of the Symposium on Network and Distributed System Security, NDSS 1995
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 1995 Symposium on Network and Distributed System Security, NDSS 1995
Y2 - 16 February 1995 through 17 February 1995
ER -
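The abstract describes two building blocks: format adaptors that translate heterogeneous audit streams into one standard record format, and rules that run over the resulting sequential stream. The example below is an added illustration of that pattern, not code from the paper or its system; the record fields, the two input formats (a syslog-style line and a CSV-style line), the sample log lines and the brute-force rule are all constructed here, and the standard format is not the paper's own. Its point is the one the abstract makes about distributed analysis: neither stream alone contains three failed logins inside the window, but the merged, time-ordered sequence does.

```python
"""Adaptor + rule-on-stream pattern: normalize several audit formats into one
record type, merge them into a single time-ordered sequence, and run a
stateful rule over it. All formats, fields and sample lines are constructed
for this example; they are not the paper's standard format or rule language."""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Callable, Iterable, Optional


@dataclass(frozen=True)
class Record:
    """Constructed standard record: what every adaptor must produce."""
    ts: int       # seconds since epoch; adaptors are responsible for normalizing time
    host: str
    user: str
    event: str    # "login_ok" or "login_fail"


# Adaptor 1: constructed syslog-like format "<ts> <host> sshd: <Accepted|Failed> password for <user>"
SYSLOG_RE = re.compile(r"^(\d+) (\S+) sshd: (Accepted|Failed) password for (\S+)$")


def syslog_adaptor(line: str) -> Optional[Record]:
    m = SYSLOG_RE.match(line)
    if not m:
        return None  # unparseable lines are dropped, not guessed at
    ts, host, outcome, user = m.groups()
    return Record(int(ts), host, user, "login_ok" if outcome == "Accepted" else "login_fail")


def csv_adaptor(line: str) -> Optional[Record]:
    """Adaptor 2: constructed format "ts,host,user,status" (status 0 = success)."""
    parts = line.strip().split(",")
    if len(parts) != 4 or not parts[0].isdigit():
        return None
    ts, host, user, status = parts
    return Record(int(ts), host, user, "login_ok" if status == "0" else "login_fail")


Adaptor = Callable[[str], Optional[Record]]


def normalize(streams: Iterable[tuple[Adaptor, Iterable[str]]]) -> list[Record]:
    """Run each stream through its adaptor and merge into one sequence ordered by time."""
    records: list[Record] = []
    for adaptor, lines in streams:
        for line in lines:
            rec = adaptor(line)
            if rec is not None:
                records.append(rec)
    return sorted(records, key=lambda r: r.ts)


class BruteForceRule:
    """Stateful rule: fire when `threshold` failed logins for the same (host, user)
    fall within `window` seconds with no successful login in between."""

    def __init__(self, threshold: int = 3, window: int = 60) -> None:
        self.threshold = threshold
        self.window = window
        self.state: dict[tuple[str, str], list[int]] = {}

    def process(self, rec: Record) -> Optional[str]:
        key = (rec.host, rec.user)
        if rec.event == "login_ok":
            self.state.pop(key, None)   # a success resets the failure run
            return None
        fails = [t for t in self.state.get(key, []) if rec.ts - t <= self.window]
        fails.append(rec.ts)
        self.state[key] = fails
        if len(fails) >= self.threshold:
            self.state[key] = []
            return f"alert: {len(fails)} failed logins for {rec.user}@{rec.host} within {self.window}s"
        return None


def run(records: Iterable[Record], rule: BruteForceRule) -> list[str]:
    """Feed the sequence record by record to the rule; collect what it raises."""
    return [a for a in (rule.process(r) for r in records) if a is not None]


# Constructed sample streams. Each alone has at most two failures in any 60 s window.
SYSLOG_LINES = [
    "1000 alpha sshd: Failed password for root",
    "1010 alpha sshd: Failed password for root",
    "this line is not an audit record",
    "1020 beta sshd: Accepted password for alice",
    "1100 alpha sshd: Failed password for root",
]
CSV_LINES = [
    "1015,alpha,root,1",
    "bad,line",
    "1030,alpha,root,0",
    "1200,alpha,root,1",
]


def demo() -> list[str]:
    records = normalize([(syslog_adaptor, SYSLOG_LINES), (csv_adaptor, CSV_LINES)])
    return run(records, BruteForceRule(threshold=3, window=60))


if __name__ == "__main__":
    for alert in demo():
        print(alert)
```

Running the file prints a single alert for root@alpha at the third failure (timestamps 1000, 1010 and 1015 across the two streams); the later failures at 1100 and 1200 are separated by more than the window and by an intervening success, so they do not fire. The adaptors return None for lines they cannot parse rather than emitting a half-filled record, which keeps malformed input from polluting the rule's state.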