Enterprise wide centralized logging mechanism for application level intrusion detection

Riaz A. Shaikh, Saeed Rajput, S. M. H. Zaidi, Kashif Sharif

Research output: Chapter in Book/Report/Conference proceeding: Conference contribution

1 Citation (Scopus)

Abstract

Due to the increase in intrusion events, organizations are moving towards implementing various types of monitoring systems to detect and prevent IT security breaches. Different techniques have been used for that purpose; logging is one such technique. A typical enterprise consists of firewalls, intrusion detection systems, operating systems, legacy applications, etc., where each element uses its own log conventions and formats. This increases the complexity of comprehensive log analysis for generating real-time alerts, and it also increases the time needed to conduct forensic analysis. In this paper we present the concept of application-level unification of logs in a consistent format at centralized locations, to detect and prevent intrusions in real time or near real time in a cost-effective manner.
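To make the unification idea concrete, the following is an added worked example written for this page, not code from the paper: it maps constructed firewall, sshd and application log lines (each in its own native format) onto one IDMEF-like record, then runs a password-guessing detection over the unified records. The point it demonstrates is that the alert only fires once failures are counted across sources; each log source on its own stays under the threshold. The sample lines, the record field names, the fixed syslog year and the thresholds are all assumptions.

```python
# Added example (not from the paper): normalize heterogeneous logs into one
# IDMEF-like record and correlate across sources. All inputs are constructed.
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample input: one firewall line, two sshd lines and two
# application lines, each in its own native format.
SAMPLE_LOGS = [
    "Jun 20 10:01:05 fw1 kernel: DROP IN=eth0 SRC=203.0.113.7 DST=198.51.100.5 PROTO=TCP DPT=22",
    "Jun 20 10:01:09 srv1 sshd[1234]: Failed password for root from 203.0.113.7 port 51022 ssh2",
    "Jun 20 10:01:12 srv1 sshd[1235]: Failed password for admin from 203.0.113.7 port 51030 ssh2",
    "2005-06-20T10:01:15 app=portal event=login_failed user=alice src=203.0.113.7",
    "2005-06-20T10:02:30 app=portal event=login_ok user=bob src=192.0.2.10",
]

SYSLOG_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2}) +(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<proc>[^:\[ ]+)(?:\[\d+\])?: (?P<msg>.*)$")
SSHD_FAIL_RE = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+)")
APP_RE = re.compile(r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d) (?P<kv>.*)$")
SYSLOG_YEAR = 2005  # assumption: classic syslog lines carry no year


def _kv(text):
    """Split 'k=v k2=v2' tokens into a dict; tokens without '=' are ignored."""
    return dict(tok.split("=", 1) for tok in text.split() if "=" in tok)


def _record(ts, analyzer, classification, source, target, user, raw):
    # Flat stand-in for an IDMEF Alert (Analyzer, CreateTime, Classification,
    # Source, Target); the raw line is kept for forensic follow-up.
    return {"create_time": ts, "analyzer": analyzer, "classification": classification,
            "source": source, "target": target, "user": user, "raw": raw}


def normalize(line):
    """Map one native log line onto the common record, or None if unrecognized."""
    m = SYSLOG_RE.match(line)
    if m:
        ts = datetime.strptime(f"{SYSLOG_YEAR} {m['mon']} {m['day']} {m['time']}",
                               "%Y %b %d %H:%M:%S")
        host, proc, msg = m["host"], m["proc"], m["msg"]
        if proc == "kernel" and msg.startswith("DROP"):
            kv = _kv(msg)
            return _record(ts, host, "firewall.drop", kv.get("SRC"), kv.get("DST"), None, line)
        if proc == "sshd":
            fm = SSHD_FAIL_RE.match(msg)
            if fm:
                return _record(ts, host, "auth.failure", fm.group(2), host, fm.group(1), line)
        return None
    m = APP_RE.match(line)
    if m:
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S")
        kv = _kv(m["kv"])
        if kv.get("event") == "login_failed":
            cls = "auth.failure"
        elif kv.get("event") == "login_ok":
            cls = "auth.success"
        else:
            return None
        return _record(ts, kv.get("app", "app"), cls, kv.get("src"), kv.get("app"), kv.get("user"), line)
    return None


def normalize_all(lines):
    return [r for r in (normalize(l) for l in lines) if r is not None]


def failures_by_analyzer(records):
    """Per-source view: how many auth failures each log source saw on its own."""
    counts = defaultdict(int)
    for r in records:
        if r["classification"] == "auth.failure":
            counts[r["analyzer"]] += 1
    return dict(counts)


def detect_password_guessing(records, threshold=3, window_seconds=60):
    """Alert when one source IP accumulates >= threshold auth.failure records
    within a sliding window of window_seconds, counted across every analyzer."""
    by_src = defaultdict(list)
    for r in sorted(records, key=lambda r: r["create_time"]):
        if r["classification"] == "auth.failure" and r["source"]:
            by_src[r["source"]].append(r)
    alerts = []
    for src, evs in by_src.items():
        start = 0
        for end in range(len(evs)):
            while (evs[end]["create_time"] - evs[start]["create_time"]).total_seconds() > window_seconds:
                start += 1
            if end - start + 1 >= threshold:
                alerts.append({"source": src, "count": end - start + 1,
                               "analyzers": sorted({e["analyzer"] for e in evs[start:end + 1]}),
                               "first": evs[start]["create_time"], "last": evs[end]["create_time"]})
                break  # one alert per source IP is enough for this toy correlator
    return alerts


if __name__ == "__main__":
    recs = normalize_all(SAMPLE_LOGS)
    print("per-analyzer failure counts:", failures_by_analyzer(recs))
    print("alerts:", detect_password_guessing(recs))
```

With the constructed input, srv1 sees two failures and the portal sees one, so no single source crosses the threshold of three; the unified view attributes all three to 203.0.113.7 within six seconds and raises one alert naming both analyzers. Two caveats a practitioner would add in practice: syslog lines without a year need a clock-correct source (the fixed year here is only an assumption), and the sliding window must be evaluated against the event timestamps, not arrival time at the collector, or late-delivered logs will split a single attack across windows.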

Original language: English
Title of host publication: Proceedings of The 2005 International Conference on Security and Management, SAM'05
Pages: 144-148
Number of pages: 5
Publication status: Published - 2005
Event: 2005 International Conference on Security and Management, SAM'05 - Las Vegas, NV, United States
Duration: 20 Jun 2005 to 23 Jun 2005

Publication series

Name: Proceedings of The 2005 International Conference on Security and Management, SAM'05

Conference

Conference: 2005 International Conference on Security and Management, SAM'05
Country/Territory: United States
City: Las Vegas, NV
Period: 20/06/05 to 23/06/05

Keywords

  • Enterprise
  • IDMEF
  • Intrusion detection
  • Logging mechanism
