Explorative Visualization of Log Data to Support Forensic Analysis and Signature Development

Today's growing number of security threats to computers and networks also increase the importance of log inspections to support the detection of possible breaches. The investigation and assessment of security incidents becomes more and more a daily business. Further, the manual log analysis is...

Full description

Saved in:
Bibliographic Details
Published in2010 Fifth IEEE International Workshop on Systematic Approaches to Digital Forensic Engineering pp. 109 - 118
Main Authors Schmerl, Sebastian, Vogel, Michael, Rietz, René, König, Hartmut
Format Conference Proceeding
LanguageEnglish
Published IEEE 01.05.2010
Subjects
Attack Signatures
Audit Data Analysis
Character generation
Communication networks
Communication system security
Computer Forensic
Computer Security
Data security
Data visualization
Digital forensics
Event detection
Information analysis
Information security
Intrusion Detection
Misuse Detection
Proposals
Online AccessGet full text

Cover

More Information
Summary:Today's growing number of security threats to computers and networks also increase the importance of log inspections to support the detection of possible breaches. The investigation and assessment of security incidents becomes more and more a daily business. Further, the manual log analysis is essentially in the context of developing signatures for intrusion detection systems (IDS), which allow for an automated defense against security attacks or incidents. But the analysis of log data in the context of fo-rensic investigations and IDS signature development is a tedious and time-consuming task, due to the large amount of textual data. Moreover, this task requires a skilled knowledge to differentiate between the important and the non-relevant information. In this paper, we propose an approach for log resp. audit data representation, which aims at simplifying the analysis process for the security officer. For this purpose audit data and existing relations between audit events are represented graphically in a three-dimensional space. We describe a general approach for analyzing and exploring audit or log data in the context of this presentation paradigm. Further, we introduce our tool, which implements this approach and demonstrate the strengths and benefits of this presentation and exploration form.
ISBN:9780769540528
076954052X
DOI:10.1109/SADFE.2010.10