Evaluating the Use of Case-Based Reasoning to Identify Intrusion Scenarios in Firewall Logs

Samir Lohmann, Luciano Paschoal Gaspary, Cristina Melchiors

Analysing the content of firewall logs is fundamental for recognising suspicious event sequences that reveal the strategies used by intruders attempting to gain unauthorised access to hosts and services. Because of the large volume of stored log data, such analysis cannot practically be performed by hand. This paper presents an approach that applies case-based reasoning, a technique from the Artificial Intelligence field, to identify intrusion scenarios in firewall logs automatically. The paper describes an evaluation of the approach carried out on real log files generated by the university firewall, and discusses how tuning the parameters that make up a case influences alert generation, with the aim of determining parameter combinations that yield a satisfactory trade-off between detection of intrusion scenarios and the number of alerts generated.
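To make the case-based reasoning workflow concrete, the following is an added toy example written for this page; it is not the authors' implementation and does not reproduce their case structure, similarity measure or parameter values. It assumes a hypothetical single-line log format (`timestamp action src dst dport`), constructed log lines, a constructed three-case library, a per-attribute similarity that is averaged with attribute weights, and two tunable parameters (attribute weights and an alert threshold). Running it shows the trade-off the abstract describes: one weighting flags a benign client as a port scan, while a different weighting or a tighter threshold suppresses that alert without losing the two real scenarios.

```python
"""Toy case-based reasoning (CBR) matcher for firewall logs.

Added illustration, not the paper's code. Log format, case attributes,
similarity function, case library and parameter values are all assumptions.
"""
from collections import defaultdict
from datetime import datetime

EPOCH = datetime(1970, 1, 1)

# Constructed log lines in a hypothetical "timestamp action src dst dport" format.
SAMPLE_LOG = """\
2004-03-01T10:00:01 DROP 198.51.100.7 192.0.2.10 21
2004-03-01T10:00:02 DROP 198.51.100.7 192.0.2.10 22
2004-03-01T10:00:02 DROP 198.51.100.7 192.0.2.10 23
2004-03-01T10:00:03 DROP 198.51.100.7 192.0.2.10 25
2004-03-01T10:00:03 DROP 198.51.100.7 192.0.2.10 80
2004-03-01T10:00:04 DROP 198.51.100.7 192.0.2.10 110
2004-03-01T10:00:04 DROP 198.51.100.7 192.0.2.10 143
2004-03-01T10:00:05 DROP 198.51.100.7 192.0.2.10 443
2004-03-01T10:01:00 ACCEPT 203.0.113.5 192.0.2.10 80
2004-03-01T10:01:07 ACCEPT 203.0.113.5 192.0.2.10 80
2004-03-01T10:01:09 DROP 203.0.113.5 192.0.2.10 8080
2004-03-01T10:02:00 DROP 203.0.113.9 192.0.2.11 445
2004-03-01T10:02:01 DROP 203.0.113.9 192.0.2.12 445
2004-03-01T10:02:01 DROP 203.0.113.9 192.0.2.13 445
2004-03-01T10:02:02 DROP 203.0.113.9 192.0.2.14 445
2004-03-01T10:02:02 DROP 203.0.113.9 192.0.2.15 445
"""

FEATURES = ("drops", "ports", "hosts", "drop_ratio")

# Constructed case library: each case is an attribute vector plus an outcome.
CASE_LIBRARY = [
    {"label": "vertical port scan", "attack": True,  "drops": 8, "ports": 8, "hosts": 1, "drop_ratio": 1.0},
    {"label": "horizontal sweep",   "attack": True,  "drops": 5, "ports": 1, "hosts": 5, "drop_ratio": 1.0},
    {"label": "normal client",      "attack": False, "drops": 0, "ports": 1, "hosts": 1, "drop_ratio": 0.0},
]

EQUAL_WEIGHTS = {f: 1.0 for f in FEATURES}
# Hypothetical "tuned" weights that emphasise breadth of ports/hosts touched.
TUNED_WEIGHTS = {"drops": 1.0, "ports": 2.0, "hosts": 2.0, "drop_ratio": 1.0}


def parse_log(text):
    """Parse the hypothetical log format into event dicts with epoch seconds."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, action, src, dst, dport = line.split()
        secs = (datetime.fromisoformat(ts) - EPOCH).total_seconds()
        events.append({"t": secs, "action": action, "src": src, "dst": dst, "dport": int(dport)})
    return events


def build_situations(events, window=60):
    """Aggregate events per (source, time window) into the attribute vector
    that is compared against the case library."""
    groups = defaultdict(list)
    for e in events:
        groups[(e["src"], int(e["t"] // window))].append(e)
    situations = []
    for (src, _), evs in sorted(groups.items()):
        drops = sum(1 for e in evs if e["action"] == "DROP")
        situations.append({
            "src": src,
            "drops": drops,
            "ports": len({e["dport"] for e in evs}),
            "hosts": len({e["dst"] for e in evs}),
            "drop_ratio": drops / len(evs),
        })
    return situations


def local_similarity(a, b):
    """Per-attribute similarity in [0, 1]: 1 when equal, 0 when one value is zero and the other is not."""
    m = max(abs(a), abs(b))
    return 1.0 if m == 0 else 1.0 - abs(a - b) / m


def similarity(situation, case, weights):
    """Weighted average of per-attribute similarities (global similarity)."""
    total = sum(weights[f] for f in FEATURES)
    return sum(weights[f] * local_similarity(situation[f], case[f]) for f in FEATURES) / total


def retrieve(situation, cases, weights):
    """Nearest-case retrieval: return the most similar stored case and its score."""
    best = max(cases, key=lambda c: similarity(situation, c, weights))
    return best, similarity(situation, best, weights)


def detect(log_text, weights, threshold, window=60):
    """Raise an alert when the nearest case is an attack and its similarity reaches the threshold."""
    alerts = []
    for s in build_situations(parse_log(log_text), window):
        case, sim = retrieve(s, CASE_LIBRARY, weights)
        if case["attack"] and sim >= threshold:
            alerts.append((s["src"], case["label"], round(sim, 3)))
    return alerts


if __name__ == "__main__":
    for name, w in (("equal weights", EQUAL_WEIGHTS), ("tuned weights", TUNED_WEIGHTS)):
        print(name, "threshold 0.4:", detect(SAMPLE_LOG, w, threshold=0.4))
    print("equal weights threshold 0.6:", detect(SAMPLE_LOG, EQUAL_WEIGHTS, threshold=0.6))
```

With equal weights and a 0.4 threshold the benign client 203.0.113.5 (two accepted web requests and one dropped packet) is retrieved as a "vertical port scan" at similarity 0.427 and produces a spurious alert; raising the threshold to 0.6, or giving the port and host attributes double weight, makes "normal client" the nearest case instead, leaving only the two genuine scenarios. This is the same kind of sensitivity to case parameters that the evaluation in the paper explores on real logs.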

