Events Classification in Log Audit
Sabah Al-Fedaghi and Fahad Mahdi
Computer Engineering Department, Kuwait University, Kuwait
ABSTRACT
Information security audit is a monitoring/logging mechanism to ensure compliance with regulations and to detect abnormalities, security breaches, and privacy violations; however, auditing too many events causes overwhelming use of system resources and impacts performance. Consequently, a classification of events is used to prioritize events and configure the log system. Rules can be applied according to this classification to make decisions about events to be archived and types of actions invoked by events. Current classification methodologies are fixed to specific types of incident occurrences and applied in terms of system-dependent description. In this paper, we propose a conceptual model that produces an implementation-independent logging scheme to monitor events.
KEYWORDS
Information security, event classification, audit system, log analysis.
Original Source Link: http://airccse.org/journal/nsa/0410ijnsa5.pdf