Identificação de Cenários de Intrusão pela Classificação, Caracterização e Análise de Eventos gerados por Firewalls

Fábio Elias LocatelliFabiane DillenburgCristina MelchiorsLuciano Gaspary

Despite neglected by most security managers due to the low availability of tools, the content analysis of firewall logs is fundamental (a) to measure and identify accesses to external and private networks, (b) to assess the historical growth of accesses volume and applications used, (c) to debug problems on the configuration of filtering rules and (d) to recognize suspicious event sequences that indicate strategies used by intruders in an attempt to obtain non authorized access to stations and services. This paper presents an approach, accompanied of a tool, to classify, characterize and analyze events generated by firewalls. The proposed approach explores the case-based reasoning technique, from the Artificial Intelligence field, and visualization mechanisms in order to identify and emphasize possible intrusion scenarios. The paper also describes the validation of both our approach and tool carried out based on real logs generated along one week by the university firewall.

Caso o link acima esteja inválido, faça uma busca pelo texto completo na Web: Buscar na Web

Biblioteca Digital Brasileira de Computação - Contato:
     Mantida por: