Despite neglected by most security managers due to the low availability of tools, the content analysis of firewall logs is fundamental (a) to measure and identify accesses to external and private networks, (b) to access the historical growth of accesses volume and applications used, (c) to debug problems on the configuration of filtering rules and (d) to recognize suspicious event sequences that indicate strategies used by intruders in attempt to obtain non-authorized access to stations and services. This paper presents an approach to classify, characterize and analyze events generated by firewalls. The proposed approach explores the case-based reasoning technique, from the Artificial Intelligence field, to identify possible intrusion scenarios. The paper also describes the validation of our approach carried out based on real logs generated along one week by the university firewall. © IFIP International Federation for Information Processing 2004.
CITATION STYLE
Locatelli, F. E., Gaspary, L. P., Melchiors, C., Lohmann, S., & Dillenburg, F. (2004). Spotting intrusion scenarios from firewall logs through a case-based reasoning approach. Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 3278, 196–207. https://doi.org/10.1007/978-3-540-30184-4_17
Mendeley helps you to discover research relevant for your work.