Normalizing security audit data in XML-format
2004 (English) Report (Other academic)
The analysis of log data can be extremely difficult for an administrator because of the large volume of log data, in various formats, produced by a number of different sources. It is also impossible to get a more precise view of network security without aggregating and correlating the log data generated by different defending systems and tools. This paper establishes an intermediate, platform-independent representation to which all security log data can be normalized. The work presented here is only a part of an ongoing project that aims at detecting intrusions by utilizing data-mining techniques. In this paper, the normalized log format is proposed and implemented in XML. This XML log format is not only flexible, extensible and heterogeneous; it also satisfies the other requirements, such as being convenient and easy to share, transfer, and store among different computer systems. It is anticipated that the XML log format will facilitate further research work in intrusion detection.
Place, publisher, year, edition, pages
Luleå: Luleå tekniska universitet, 2004, 10 p.
Technical report / Luleå University of Technology, ISSN 1402-1536 ; 2004:13
Research subject: Computer and Systems Science
Identifiers
URN: urn:nbn:se:ltu:diva-21780
Local ID: 014c81e0-280d-11dd-8187-000ea68e967b
OAI: oai:DiVA.org:ltu-21780
DiVA: diva2:994828
Approved; 2004; 20080522 (ysko) 2016-09-29 2016-09-29 Bibliographically approved