By Topic

Explorative Visualization of Log Data to Support Forensic Analysis and Signature Development

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

4 Author(s)
Schmerl, S. ; Comput. Networks & Commun. Syst. Group, Brandenburg Univ. of Technol., Cottbus, Germany ; Vogel, M. ; Rietz, R. ; König, H.

Today's growing number of security threats to computers and networks also increase the importance of log inspections to support the detection of possible breaches. The investigation and assessment of security incidents becomes more and more a daily business. Further, the manual log analysis is essentially in the context of developing signatures for intrusion detection systems (IDS), which allow for an automated defense against security attacks or incidents. But the analysis of log data in the context of fo-rensic investigations and IDS signature development is a tedious and time-consuming task, due to the large amount of textual data. Moreover, this task requires a skilled knowledge to differentiate between the important and the non-relevant information. In this paper, we propose an approach for log resp. audit data representation, which aims at simplifying the analysis process for the security officer. For this purpose audit data and existing relations between audit events are represented graphically in a three-dimensional space. We describe a general approach for analyzing and exploring audit or log data in the context of this presentation paradigm. Further, we introduce our tool, which implements this approach and demonstrate the strengths and benefits of this presentation and exploration form.

Published in:

Systematic Approaches to Digital Forensic Engineering (SADFE), 2010 Fifth IEEE International Workshop on

Date of Conference:

20-20 May 2010