A Structured Overview of Data Collection with a Focus on Intrusion Detection
Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT. ORCID iD: 0000-0003-0778-4736
2008 (English) Report (Refereed)
Abstract [en]

Collection and analysis of audit data is a critical component in many computer-related activities, such as debugging, measurement, and detection. Data is required to be correct and to be delivered in a timely fashion. Additionally, the data should be sparse to reduce the amount of resources used to collect and store it. At the same time, the data must contain the necessary attributes with respect to the goal of the collection. The production of audit data depends directly on the deployed data collection mechanisms. Adequate mechanism knowledge is thus a critical resource for software developers, security officers, and system administrators and operators. This report aims at providing a clear and concise picture of how data collection mechanisms work. It provides a detailed explanation of generic data collection mechanism components and the interaction with the environment, from initial triggering to output of log data records. Furthermore, it provides a taxonomy of mechanism characteristics based on previously published theoretical results [43, 44]. Guidelines and hints for mechanism selection are provided and examples of application fields that benefit from proper mechanism knowledge are presented. An extensive appendix contains 50 surveyed mechanisms. We believe that the classification and the guidelines can be used to assist system administrators and operators in performing resource-efficient mechanism selection. The guidelines and the classification can also be used when a specific type of data collection is desired. For example, it is easy to find out which mechanisms collect samples for execution profiling, and which mechanisms can be reconfigured without the need for a restart. This is a valuable source of information that reduces the need to browse multiple manual pages and whitepapers to find the desired mechanism.
Furthermore, by using the selection guidelines, we can obtain a more resource-efficient data collection and a more accurate data analysis.

Place, publisher, year, edition, pages
2008.
Keywords [en]
data collection, intrusion, intrusion detection, logging, taxonomy
National subject category
Computer Science
Research subject
Computer Science
Identifiers
URN: urn:nbn:se:kau:diva-16647
OAI: oai:DiVA.org:kau-16647
DiVA, id: diva2:590238
Available from: 2013-01-21 Created: 2013-01-21 Last updated: 2018-01-11

Open Access in DiVA

No full text in DiVA

Authority records

Lindskog, Stefan
