Distributed audit trail analysis

Mounji, A.; Charlier, Baudouin Le; Zampunieris, D.; Habra, Naji

doi:10.1109/ndss.1995.390641

Cited by 24 publications

(19 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Performance testing of the log monitoring solution must be tested before implementation [17] to provide feedback on how the log management acts under stress that the FIM will bring. The network environment, topology, and structure in which the log management solution will be deployed within should be considered [17].…”

Section: Combining Fim With Logging Solutionsmentioning

confidence: 99%

“…The network environment, topology, and structure in which the log management solution will be deployed within should be considered [17]. This is to ensure that enough hardware space is allocated for logs that are retrieved from computer sources.…”

Section: Combining Fim With Logging Solutionsmentioning

confidence: 99%

“…A log management solution should use a standardized programming solution to provide better log management and collection [17]. This will also allow determining if the FIM deployed will be compatible with the log management solution.…”

Section: Combining Fim With Logging Solutionsmentioning

confidence: 99%

See 2 more Smart Citations

Comparison of File Integrity Monitoring (FIM) techniques for small business networks

Wilbert

Chen

2014

Fifth International Conference on Computing, Communications and Networking Technologies (ICCCNT)

View full text Add to dashboard Cite

File Integrity Monitoring (FIM) can provide the ability to track changes which have been made to an operating system or software as a result of malicious behavior. For small business environments, the need for these tools is present; however, because of the difficulty of managing such software many businesses may ignore using them. This paper will discuss how a small business should create criteria for comparing file integrity monitoring tools in order to locate the most effective product for their environment.

show abstract

Section: Combining Fim With Logging Solutionsmentioning

confidence: 99%

Section: Combining Fim With Logging Solutionsmentioning

confidence: 99%

See 1 more Smart Citation

Comparison of File Integrity Monitoring (FIM) techniques for small business networks

Wilbert

Chen

2014

Fifth International Conference on Computing, Communications and Networking Technologies (ICCCNT)

View full text Add to dashboard Cite

show abstract

“…Misuse detection models the patterns of known attacks or vulnerabilities, and identifies actions that conform to such patterns as attacks. Existing approaches include rule-based methods (e.g., ASAX [26], P-BEST [25]), state transition based methods [5], [14], and data mining approaches [22], [23]. Most of these techniques cannot be directly applied to sensor networks due to the resource constraints on sensor nodes.…”

Section: Intrusion Detectionmentioning

confidence: 99%

LAD: Localization anomaly detection for wireless sensor networks

Fang

Ningi

2006

Journal of Parallel and Distributed Computing

134

130

View full text Add to dashboard Cite

Abstract-In wireless sensor networks (WSNs), sensors' locations play a critical role in many applications. Having a GPS receiver on every sensor node is costly. In the past, a number of location discovery (localization) schemes have been proposed. Most of these schemes share a common feature: they use some special nodes, called beacon nodes, which are assumed to know their own locations (e.g., through GPS receivers or manual configuration). Other sensors discover their locations based on the reference information provided by these beacon nodes.Most of the beacon-based localization schemes assume a benign environment, where all beacon nodes are supposed to provide correct reference information. However, when the sensor networks are deployed in a hostile environment, where beacon nodes can be compromised, such an assumption does not hold anymore.In this paper, we propose a general scheme to detect localization anomalies that are caused by adversaries. Our scheme is independent from the localization schemes. We formulate the problem as an anomaly intrusion detection problem, and we propose a number of ways to detect localization anomalies. We have conducted simulations to evaluate the performance of our scheme, including the false positive rates, the detection rates, and the resilience to node compromises.

show abstract

“…As organizations grow into larger virtual organizations, more points of vulnerability emerge and attackers can carry out more widely distributed forms of attack. Traditional means of distributed audit cannot be used within virtual organizations due to concerns over both log privacy and the safety of centralizing sensitive data storage [22]. The fact that two organizations are willing to cooperate for the purpose of carrying out a particular type of interaction does not, and should not, imply that they completely trust one another.…”

Section: Introductionmentioning

confidence: 99%

A privacy-preserving interdomain audit framework

Lee

Tabriz

Borisov

2006

Proceedings of the 5th ACM Workshop on Privacy in Electronic Society

View full text Add to dashboard Cite

Recent trends in Internet computing have led to the popularization of many forms of virtual organizations. Examples include supply chain management, grid computing, and collaborative research environments like PlanetLab. Unfortunately, when it comes to the security analysis of these systems, the whole is certainly greater than the sum of its parts. That is, local intrusion detection and audit practices are insufficient for detecting distributed attacks such as coordinated network reconnaissance, stepping-stone attacks, and violations of application-level trust constraints between security domains. A distributed process that coordinates information from each member could detect these types of violations, but privacy concerns between member organizations or safety concerns about centralizing sensitive information often restrict this level of information flow. In this paper, we propose a privacy-preserving framework for distributed audit that allows member organizations to detect distributed attacks without requiring the release of excessive private information. We discuss both the architecture and mechanisms used in our approach and comment on the performance of a prototype implementation.

show abstract

Distributed audit trail analysis

Cited by 24 publications

References 4 publications

Comparison of File Integrity Monitoring (FIM) techniques for small business networks

Comparison of File Integrity Monitoring (FIM) techniques for small business networks

LAD: Localization anomaly detection for wireless sensor networks

A privacy-preserving interdomain audit framework

Contact Info

Product

Resources

About