Network Security Systems Log Analysis for Trends and Insights: A Case Study
A. Meena, N. Hubballi, Yogendra Singh, V. Bhatia, K. Franke
2020 IEEE International Conference on Advanced Networks and Telecommunications Systems (ANTS), published 2020-12-14
DOI: 10.1109/ANTS50601.2020.9342776 (https://doi.org/10.1109/ANTS50601.2020.9342776)
Citations: 0
Abstract
Network perimeter security appliances such as firewalls and intrusion detection systems mediate communications and log details pertaining to various events. Logs generated by these systems are used to identify security compromises, vulnerable systems, misconfigurations, etc., and serve as a valuable asset for a network administrator. In this paper, we report on a study conducted using logs generated by production-level security appliances deployed in our university network. In particular, we process the logs generated by a firewall, an intrusion detection/prevention system and a domain name system service to identify trends and gain insights. We process 71 million network connection records, which include 95.7 thousand alerts generated by an open source intrusion detection system, collected over a period of 31 days, and derive statistics to understand end-host-level behavioral trends. In our analysis we compare hosts known to be infected with malware or running Peer-to-Peer applications against the remaining hosts using a set of relevant parameters, and identify clearly differentiated behavioral trends.