Samir Lohmann, Luciano Paschoal Gaspary, Cristina Melchiors.
Content analysis of firewall logs is fundamental to recognizing suspicious event sequences that reveal the strategies intruders use when attempting to gain unauthorized access to hosts and services. Because of the large volume of stored log data, such analysis cannot feasibly be performed by hand. This paper presents an approach that applies the case-based reasoning technique, from the Artificial Intelligence field, to automatically identify intrusion scenarios in firewall logs. The paper describes an evaluation of the approach carried out on real log files generated by the university firewall, and discusses how tuning the parameters that make up a case influences alert generation, with the aim of determining parameter combinations that yield a satisfactory balance between detection of intrusion scenarios and the number of alerts generated.
http://www.lbd.dcc.ufmg.br/colecoes/sbseg/2005/0017.pdf
If the link above is invalid, search the Web for the full text.