A Structured Overview of Data Collection with a Focus on Intrusion Detection
Karlstads universitet, Fakulteten för ekonomi, kommunikation och IT, Avdelningen för datavetenskap. Karlstads universitet, Fakulteten för ekonomi, kommunikation och IT, Centrum för HumanIT. ORCID iD: 0000-0003-0778-4736
2008 (English) Report (Peer-reviewed)
Abstract [en]

Collection and analysis of audit data is a critical component in many computer-related activities, such as debugging, measurement, and detection. Data is required to be correct and to be delivered in a timely fashion. Additionally, the data should be sparse to reduce the amount of resources used to collect and store it. At the same time, the data must contain the necessary attributes with respect to the goal of the collection. The production of audit data depends directly on the deployed data collection mechanisms. Adequate mechanism knowledge is thus a critical resource for software developers, security officers, and system administrators and operators. This report aims at providing a clear and concise picture of how data collection mechanisms work. It provides a detailed explanation of generic data collection mechanism components and the interaction with the environment, from initial triggering to output of log data records. Furthermore, it provides a taxonomy of mechanism characteristics based on previously published theoretical results [43, 44]. Guidelines and hints for mechanism selection are provided and examples of application fields that benefit from proper mechanism knowledge are presented. An extensive appendix contains 50 surveyed mechanisms. We believe that the classification and the guidelines can be used to assist system administrators and operators in performing resource-efficient mechanism selection. The guidelines and the classification can also be used when a specific type of data collection is desired. For example, it is easy to find out what mechanisms collect samples for execution profiling, and what mechanisms can be reconfigured without the need for a restart. This is a valuable source of information that reduces the need to browse multiple manual pages and whitepapers to find the desired mechanism. Furthermore, by using the selection guidelines, we can obtain a more resource-efficient data collection and a more accurate data analysis.

Place, publisher, year, edition, pages
2008.
Keywords [en]
data collection, intrusion, intrusion detection, logging, taxonomy
HSV category
Research programme
Computer Science
Identifiers
URN: urn:nbn:se:kau:diva-16647
OAI: oai:DiVA.org:kau-16647
DiVA, id: diva2:590238
Available from: 2013-01-21 Created: 2013-01-21 Last updated: 2018-01-11

Open Access in DiVA

No full text in DiVA

Authority records

Lindskog, Stefan
