An Efficient Web Intrusion Detection through a Collaborative Log Reduction and Correlation


Bibliographic Details
Main Authors: Hung-min Hsu, 許宏名
Other Authors: none
Format: Others
Language: zh-TW
Published: 2010
Online Access: http://ndltd.ncl.edu.tw/handle/55970347263145459597
Description
Summary: Master's === National Chung Cheng University === Department of Communications Engineering === 98 === How to detect intrusions and handle security incidents is top of mind for security officers. Although event logs provide a system view that helps administrators protect their systems, they are bulky and complicated to use, and they increase the complexity of the whole security handling task. We propose a platform that integrates log reduction with alert correlation mechanisms to provide web application forensics. By collecting unusual records and reducing numerous security alerts, system administrators are able to analyze and interpret logs effectively and then answer the 5W1H (who sent what information, when, why and how it happened) when a web intrusion occurs.