Preferencje help
Widoczny [Schowaj] Abstrakt
Liczba wyników

Znaleziono wyników: 1

Liczba wyników na stronie
first rewind previous Strona / 1 next fast forward last
Wyniki wyszukiwania
Wyszukiwano:
w słowach kluczowych:  NIDS
help Sortuj według:

help Ogranicz wyniki do:
first rewind previous Strona / 1 next fast forward last
EN
The article proposes a log analysis approach to detection of security violations, based on a four layer design. First layer, named the event source layer, describes sources of information that can be used for misuse investigation. Transport layer represents the method of collecting event data, preserving it in the form of logs and passing it to another layer, called the analysis layer. This third layer is responsible for analyzing the logs' content, picking relevant information and generating security alerts. Last layer, called normalization layer, is custom software which normalizes and correlates produced alerts to raise notice on more complex attacks. Logs from remote hosts are collected by using rsyslog software and OSSEC HIDS with custom decoders and rules is used on a central log server for log analysis. A novel method of handling OSSEC HIDS alerts by their normalization and correlation is proposed. The output can be optionally suppressed to protect the system against alarm flood and reduce the count of messages transmitted in the network.
first rewind previous Strona / 1 next fast forward last
JavaScript jest wyłączony w Twojej przeglądarce internetowej. Włącz go, a następnie odśwież stronę, aby móc w pełni z niej korzystać.