L. Gaspary, Cristina Melchiors, Fábio Elias Locatelli, F. Dillenburg
{"title":"通过对防火墙事件的分类、表征和分析,识别入侵场景","authors":"L. Gaspary, Cristina Melchiors, Fábio Elias Locatelli, F. Dillenburg","doi":"10.1109/LCN.2004.65","DOIUrl":null,"url":null,"abstract":"The content analysis of firewall logs is essential (i) to quantify and identify accesses to external and private networks, (ii) to follow the historical growth of accesses volume and applications used, (iii) to debug problems on the configuration of filtering rules and (iv) to recognize suspicious event sequences that indicate strategies used by intruders in attempts to obtain non-authorized access to stations and services. The paper presents an approach to classify, characterize and analyze events generated by firewalls. The proposed approach explores the case-based reasoning technique to identify possible intrusion scenarios. The paper also describes the validation of our approach carried out based on real logs generated during one week by the university firewall.","PeriodicalId":366183,"journal":{"name":"29th Annual IEEE International Conference on Local Computer Networks","volume":"29 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2004-11-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"Identification of intrusion scenarios through classification, characterization and analysis of firewall events\",\"authors\":\"L. Gaspary, Cristina Melchiors, Fábio Elias Locatelli, F. Dillenburg\",\"doi\":\"10.1109/LCN.2004.65\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The content analysis of firewall logs is essential (i) to quantify and identify accesses to external and private networks, (ii) to follow the historical growth of accesses volume and applications used, (iii) to debug problems on the configuration of filtering rules and (iv) to recognize suspicious event sequences that indicate strategies used by intruders in attempts to obtain non-authorized access to stations and services. The paper presents an approach to classify, characterize and analyze events generated by firewalls. The proposed approach explores the case-based reasoning technique to identify possible intrusion scenarios. The paper also describes the validation of our approach carried out based on real logs generated during one week by the university firewall.\",\"PeriodicalId\":366183,\"journal\":{\"name\":\"29th Annual IEEE International Conference on Local Computer Networks\",\"volume\":\"29 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2004-11-16\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"29th Annual IEEE International Conference on Local Computer Networks\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/LCN.2004.65\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"29th Annual IEEE International Conference on Local Computer Networks","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/LCN.2004.65","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Identification of intrusion scenarios through classification, characterization and analysis of firewall events
The content analysis of firewall logs is essential (i) to quantify and identify accesses to external and private networks, (ii) to follow the historical growth of accesses volume and applications used, (iii) to debug problems on the configuration of filtering rules and (iv) to recognize suspicious event sequences that indicate strategies used by intruders in attempts to obtain non-authorized access to stations and services. The paper presents an approach to classify, characterize and analyze events generated by firewalls. The proposed approach explores the case-based reasoning technique to identify possible intrusion scenarios. The paper also describes the validation of our approach carried out based on real logs generated during one week by the university firewall.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
