Spotting Intrusion Scenarios from Firewall Logs Through a Case-Based Reasoning Approach

Spotting Intrusion Scenarios from Firewall Logs Through a Case-Based Reasoning Approach

Despite neglected by most security managers due to the low availability of tools, the content analysis of firewall logs is fundamental (a) to measure and identify accesses to external and private networks, (b) to access the historical growth of accesses volume and applications used, (c) to debug pro...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Locatelli, Fábio Elias, Gaspary, Luciano Paschoal, Melchiors, Cristina, Lohmann, Samir, Dillenburg, Fabiane
Format: Buchkapitel
Sprache:eng
Schlagworte:
Applied sciences
Computer science
control theory
systems
Computer systems and distributed systems. User interface
Exact sciences and technology
Intrusion Detection
Intrusion Detection System
Security Manager
Software
Suspicious Activity
Suspicious Behavior
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Despite neglected by most security managers due to the low availability of tools, the content analysis of firewall logs is fundamental (a) to measure and identify accesses to external and private networks, (b) to access the historical growth of accesses volume and applications used, (c) to debug problems on the configuration of filtering rules and (d) to recognize suspicious event sequences that indicate strategies used by intruders in attempt to obtain non-authorized access to stations and services. This paper presents an approach to classify, characterize and analyze events generated by firewalls. The proposed approach explores the case-based reasoning technique, from the Artificial Intelligence field, to identify possible intrusion scenarios. The paper also describes the validation of our approach carried out based on real logs generated along one week by the university firewall.
ISSN:0302-9743
1611-3349
DOI:10.1007/978-3-540-30184-4_17