Log Correlation

Author(s): Dario Valentino Forete

Log file correlation comprises two components: Intrusion Detection and Network Forensics. The skillful and mutualistic combination of these distinct disciplines is one of the best guarantees against Points of Failure. This chapter is organized as a tutorial for practitioners, providing an overview of log analysis and correlation, with special emphasis on the tools and techniques for handling them in a forensically compliant manner.

IJARCCE, 2019, Vol 8 (4), pp. 306-309
Author(s): Miss. Sayali Gunale, Miss. Renuka Tanksale, Prof. Mr U.K. Raut

Author(s): John Garofalakis, Theodoula Giannakoudi, Yannis Panagis, Evangelos Sakkopoulos, Athanasios Tsakalidis

In this chapter, an information acquisition system is proposed which aims to provide log analysis that handles ubiquitous access media by using semantic knowledge. Ontologies, the recently emerging construct of the semantic Web, may be used to raise Web trails to a semantic level so as to reveal their deeper usage information. The proposed architecture, which is presented in detail, intends to overcome the problem of duplicate trails from mobile devices and to detect semantic similarity among the operations of server-side Web services, which are often composed to provide a function. The references that supplement the chapter provide publications that discuss mainly log file mining and analysis and semantic similarity. Useful URL resources for the technologies used are also provided.


2018, Vol 7 (3.12), pp. 1128
Author(s): Mohammad Arshad, Md. Ali Hussain

Real-time network attacks have become an increasingly serious issue for LAN/WAN security in recent years. As the size of the network flow increases, it becomes difficult to pre-process and analyze the network packets using traditional network intrusion detection tools and techniques. Traditional NID tools and techniques require a large amount of computational memory and time to process a large number of packets incrementally, owing to their limited buffer size. Web intrusion is also one of the major threats to real-time web applications, arising from unauthorized users' requests to the web server and online databases. In this paper, a hybrid real-time LAN/WAN and Web IDS model is designed and implemented using a machine learning classifier. In this model, different types of attacks are detected and labelled prior to training the machine learning model. Future network packets are then classified by the trained machine learning classifier for attack prediction. Experimental results are simulated on a real-time LAN/WAN network and a client-server web application for performance analysis. The simulated results show that the proposed machine learning based attack detection model is better than traditional statistical and rule-based learning models in terms of time and detection rate.


2021, Vol 2021, pp. 1-13
Author(s): Ming Zhong, Yajin Zhou, Gang Chen

Due to the complexity of social network server systems, various system abnormalities may occur and in turn lead to subsequent system failures and information losses. Thus, monitoring the system state and detecting system abnormalities are of great importance. As the system log contains valuable information and records the system operating status and users' behaviors, using log data for system abnormality detection and diagnosis can ensure system availability and reliability. This paper discloses a log analysis method based on deep learning for an intrusion detection system, which includes the following steps: preprocess the acquired logs of different types in the target system; parse the preprocessed logs using a clustering-based method; encode the parsed log events into numerical feature vectors; use an LSTM-based neural network and log-collection-based clustering methods to learn from the encoded logs and form warning information; lastly, trace the source of the warning information to the corresponding component to determine the point of intrusion. The paper finally implements the proposed intrusion detection method in the server system, thereby improving the system's security status.


Author(s): Sirajuddin Qureshi, Saima Tunio, Faheem Akhtar, Ahsan Wajahat, Ahsan Nazir, ...


2011, Vol 1 (3), pp. 22-35
Author(s): Kamal Dahbur, Bassil Mohammad

The term computer anti-forensics (CAF) generally refers to a set of tactical and technical measures intended to circumvent the efforts and objectives of the field of computer and network forensics (CF). Many scientific techniques, procedures, and technological tools have evolved and been effectively applied in the field of CF to assist scientists and investigators in acquiring and analyzing digital evidence for the purpose of solving cases that involve the use or misuse of computer systems. CAF has emerged as a CF counterpart that plants obstacles throughout the path of computer investigations. The purpose of this paper is to highlight the challenges introduced by anti-forensics, explore various CAF mechanisms, tools, and techniques, provide a coherent classification for them, and discuss their effectiveness. Moreover, the authors discuss the challenges in implementing effective countermeasures against these techniques. A set of recommendations is presented together with future research opportunities.


2011, Vol 50-51, pp. 578-582
Author(s): Xiu Yu Zhong

Because misreports and false alarms occur frequently in intrusion detection systems (IDS), evidence produced by IDS-based forensics systems is inefficient and has low credibility. Frequent sequence mining based on Jpcap is proposed for network forensics analysis. After capturing and filtering network data packets, the system mines the data for frequent sequences according to evidence relevance in order to build and update a signature database of offenses, and in the network forensics analysis stage it judges whether the current user's behavior is legal. Simulation results show that the frequent sequence mining algorithm can identify new criminal behavior and improve the credibility and efficiency of evidence in network forensics analysis.

