Log Correlation for Intrusion Detection: A Proof of Concept

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Cristina Abad Articles by Jed Taylor Articles by Cigdem Sengul Articles by William Yurcik Articles by Yuanyuan Zhou Articles by Ken Rowe

19th Annual Computer Security Applications Conference (ACSAC '03)

Las Vegas, Nevada

December 08-December 12

ISBN: 0-7692-2041-3

	ASCII Text	x
	Cristina Abad, Jed Taylor, Cigdem Sengul, William Yurcik, Yuanyuan Zhou, Ken Rowe, "Log Correlation for Intrusion Detection: A Proof of Concept," Computer Security Applications Conference, Annual, pp. 255, 19th Annual Computer Security Applications Conference (ACSAC '03), 2003.

	BibTex	x
	@article{ 10.1109/CSAC.2003.1254330, author = {Cristina Abad and Jed Taylor and Cigdem Sengul and William Yurcik and Yuanyuan Zhou and Ken Rowe}, title = {Log Correlation for Intrusion Detection: A Proof of Concept}, journal ={Computer Security Applications Conference, Annual}, volume = {0}, year = {2003}, issn = {1063-9527}, pages = {255}, doi = {http://doi.ieeecomputersociety.org/10.1109/CSAC.2003.1254330}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Computer Security Applications Conference, Annual TI - Log Correlation for Intrusion Detection: A Proof of Concept SN - 1063-9527 SP EP A1 - Cristina Abad, A1 - Jed Taylor, A1 - Cigdem Sengul, A1 - William Yurcik, A1 - Yuanyuan Zhou, A1 - Ken Rowe, PY - 2003 KW - null VL - 0 JA - Computer Security Applications Conference, Annual ER -

Cristina Abad, University of Illinois at Urbana-Champaign; National Center for Supercomputing Applications (NCSA)

Jed Taylor, University of Illinois at Urbana-Champaign

Cigdem Sengul, University of Illinois at Urbana-Champaign

William Yurcik, National Center for Supercomputing Applications (NCSA)

Yuanyuan Zhou, University of Illinois at Urbana-Champaign

Ken Rowe, Science Applications International Corporation (SAIC)

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/CSAC.2003.1254330

Intrusion detection is an important part of networked-systems security protection. Although commercial products exist, finding intrusions has proven to be a difficult task with limitations under current techniques. Therefore, improved techniques are needed. We argue the need for correlating data among different logs to improve intrusion detection systems accuracy. We show how different attacks are reflected in different logs and argue that some attacks are not evident when a single log is analyzed. We present experimental results using anomaly detection for the virus Yaha. Through the use of data mining tools (RIPPER) and correlation among logs we improve the effectiveness of an intrusion detection system while reducing false positives.

Citation:

Cristina Abad, Jed Taylor, Cigdem Sengul, William Yurcik, Yuanyuan Zhou, Ken Rowe, "Log Correlation for Intrusion Detection: A Proof of Concept," acsac, pp.255, 19th Annual Computer Security Applications Conference (ACSAC '03), 2003

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.