  • DocumentCode
    2191092
  • Title
    Hierarchical object log format for normalisation of security events
  • Author
    Sapegin, Andrey ; Jaeger, David ; Azodi, Amir ; Gawron, Marian ; Feng Cheng ; Meinel, Christoph
  • Author_Institution
    Hasso Plattner Inst. (HPI), Univ. of Potsdam, Potsdam, Germany
  • fYear
    2013
  • fDate
    4-6 Dec. 2013
  • Firstpage
    25
  • Lastpage
    30
  • Abstract
    The differences in log file formats employed in a variety of services and applications remain a problem for security analysts and developers of intrusion detection systems. The proposed solution, i.e. the usage of common log formats, has a limited utilisation within existing solutions for security management. In our paper, we reveal the reasons for this limitation. We show the disadvantages of existing common log formats for the normalisation of security events. To deal with this, we have created a new log format that fits intrusion detection purposes and can be extended easily. Taking previous work into account, we would like to propose the new format as an extension to existing common log formats, rather than as a standalone specification.
  • Keywords
    security of data; system monitoring; hierarchical object log format; intrusion detection systems; security event normalisation; Bridges; Kernel; Receivers; Servers; common log format; intrusion detection; log normalisation
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Information Assurance and Security (IAS), 2013 9th International Conference on
  • Conference_Location
    Gammarth
  • Print_ISBN
    978-1-4799-2989-4
  • Type
    conf
  • DOI
    10.1109/ISIAS.2013.6947748
  • Filename
    6947748