Distributed audit trail analysis

Abdelaziz Mounji, Baudouin Le Charlier, Denis Zampunidris, Naji Habra

Research output: Contribution in Book/Catalog/Report/Conference proceedingConference contribution

Abstract

An implemented system for on-line analysis of multiple distributed data streams is presented. The system is conceptually universal since it does not rely on any particular platform feature and uses format adaptors to translate data streams into its own standard format. The system is as powerful as possible (from a theoretical standpoint) but still efficient enough for on-line analysis thanks to its novel rule-based language (BUS-SEL) which is specifically designed for efficientpro-cessing of sequential unstructured data streams. In this paper, the generic concepts are applied to security audit trail analysis. The resulting system provides powerful network security monitoring and sophisticated tools for intrusion/anomaly detection. The rule-based and command languages are described as well as the distributed architecture and the implementation. Performance measurements are reported, showing the effectiveness of the approach.

Original languageEnglish
Title of host publicationProceedings of the Symposium on Network and Distributed System Security, NDSS 1995
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages102-112
Number of pages11
ISBN (Electronic)0818670274, 9780818670275
DOIs
Publication statusPublished - 1 Jan 1995
Event1995 Symposium on Network and Distributed System Security, NDSS 1995 - San Diego, United States
Duration: 16 Feb 199517 Feb 1995

Publication series

NameProceedings of the Symposium on Network and Distributed System Security, NDSS 1995

Conference

Conference1995 Symposium on Network and Distributed System Security, NDSS 1995
CountryUnited States
CitySan Diego
Period16/02/9517/02/95

Fingerprint Dive into the research topics of 'Distributed audit trail analysis'. Together they form a unique fingerprint.

Cite this