• DocumentCode
    2095478
  • Title

    Identification of intrusion scenarios through classification, characterization and analysis of firewall events

  • Author

    Gaspary, Luciano Paschoal ; Melchiors, Cristina ; Locatelli, Fábio Elias ; Dillenburg, Fabiane

  • Author_Institution
    Programa Interdisciplicar de Pos-Graduacao em Computacao Aplicada, Univ. do Vale do Rio dos Sinos, Sao Leopoldo, Brazil
  • fYear
    2004
  • fDate
    16-18 Nov. 2004
  • Firstpage
    327
  • Lastpage
    334
  • Abstract
    The content analysis of firewall logs is essential (i) to quantify and identify accesses to external and private networks, (ii) to follow the historical growth of accesses volume and applications used, (iii) to debug problems on the configuration of filtering rules and (iv) to recognize suspicious event sequences that indicate strategies used by intruders in attempts to obtain non-authorized access to stations and services. The paper presents an approach to classify, characterize and analyze events generated by firewalls. The proposed approach explores the case-based reasoning technique to identify possible intrusion scenarios. The paper also describes the validation of our approach carried out based on real logs generated during one week by the university firewall.
  • Keywords
    authorisation; case-based reasoning; computer networks; telecommunication security; case-based reasoning technique; filtering rules; firewall events; firewall log content analysis; intrusion scenario identification; nonauthorized access; suspicious event sequences; Computer networks;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Local Computer Networks, 2004. 29th Annual IEEE International Conference on
  • ISSN
    0742-1303
  • Print_ISBN
    0-7695-2260-2
  • Type

    conf

  • DOI
    10.1109/LCN.2004.65
  • Filename
    1367234
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=2095478