Abstract

Invited paper. A preliminary version of this paper appeared as "Hierarchical Object Log Format for Normalisation of Security Events" in Proceedings of the 9th International Conference on Information Assurance and Security (IAS 2013). The differences in log file formats employed by a variety of services and applications remain a problem for security analysts and for developers of intrusion detection systems. The proposed solution, i.e. the use of common log formats, has seen limited adoption within existing security management systems. In this paper, we reveal the reasons for this limited adoption and show the disadvantages of existing common log formats for normalisation of security events. To address them, we have created a new log format that is suited to intrusion detection purposes and can be extended easily. Based on the intrusion detection system we are developing, we demonstrate the advantages of the proposed format. However, taking previous work into account, we propose the new format as an extension of existing common log formats rather than as a standalone specification.
