HOST SECURITY EVENT TRACK FOR COMPLEX NETWORK ENVIRONMENTS BASED ON THE ANALYSIS OF LOG
The system log is very important for the system. We can find the source of system errors or external attacks through the system log, but today's log analysis tools for complex network environments can only provide users with the error events of a single application (for example, web applications) or some of the system's own error events. The contents of a single system log cannot give a comprehensive analysis of the ins and outs of a security incident and cannot track an attack from beginning to end. When users find themselves attacked, they can find out what the attacker did, but they cannot link the operations and the path of the intrusion together. This paper presents a vision of matching host logging events with intrusion events to build a log series model for a complete invasion. We can reveal the full path of an invasion through the sequence of logs.
Analysis of log; Security incidents; Behavior tracking; Matching model
Danfeng Yan, Rui Feng, Junlin Huang, Fangchun Yang
State Key Laboratory of Networking & Switching Technology, P.O. Box 187, Beijing University of Posts and Telecommunications, 100876, China
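International conference
Hangzhou
English
1041-1045
2012-10-30 (date first posted online on the Wanfang platform; does not represent the paper's publication date)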