Saturday 16 June 2018

Events Classification in Log Audit

Sabah Al-Fedaghi and Fahad Mahdi 
Computer Engineering Department, Kuwait University, Kuwait

ABSTRACT

Information security audit is a monitoring/logging mechanism to ensure compliance with regulations and to detect abnormalities, security breaches, and privacy violations; however, auditing too many events causes overwhelming use of system resources and impacts performance. Consequently, a classification of events is used to prioritize events and configure the log system. Rules can be applied according to this classification to make decisions about events to be archived and types of actions invoked by events. Current classification methodologies are fixed to specific types of incident occurrences and applied in terms of system-dependent description. In this paper, we propose a conceptual model that produces an implementation-independent logging scheme to monitor events.

KEYWORDS

Information security, event classification, audit system, log analysis. 
