Events Classification in Log Audit

International Journal of Network Security & Its Applications (IJNSA), Volume 2, Number 2, April 2010

Sabah Al-Fedaghi¹ and Fahad Mahdi²
Computer Engineering Department, Kuwait University, Kuwait
¹sabah@

Abstract

Information security audit is a monitoring/logging mechanism to ensure compliance with regulations and to detect abnormalities, security breaches, and privacy violations; however, auditing too many events causes overwhelming use of system resources and impacts performance. Consequently, a classification of events is used to prioritize events and configure the log system. Rules can be applied according to this classification to make decisions about events to be archived and types of actions invoked by events. Current classification methodologies are fixed to specific types of incident occurrences and applied in terms of system-dependent description. In this paper, we propose a conceptual model that produces an implementation-independent logging scheme to monitor events.

Keywords: Information security event classification audit system log analysis.

1. Introduction

An event log or audit trail is an ordered sequence of occurrences containing evidence of the execution of a process by users, systems, or other entities. Various sources and entities in the system send messages regarding their processes (e.g., who, what, operations, time, etc.) that are kept in several logs, including logs about the following:

Application events: Events describe operations of various application programs.
Security-related events: Events report on successful or failed operations (e.g., attempts to access critical servers).
System events: Events that include setup events and system warnings (e.g., bad disk, attempt to tamper with a system file).

Event logs are becoming increasingly valuable tools for monitoring the security and performance of computer systems and networks. Their rationalization is to be alert, since prevention is better than cure.
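The classification-and-rules idea from the abstract, applied to the three log types listed in the introduction, as an added example that is not the paper's model or code. The sample events, regex patterns, rule table and action names are all constructed assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample events carrying who / what / time, as the introduction describes.
SAMPLE_EVENTS = [
    {"time": "2010-04-01T09:00:02", "who": "alice", "msg": "failed login to server db01"},
    {"time": "2010-04-01T09:00:05", "who": "system", "msg": "bad disk sector on sda"},
    {"time": "2010-04-01T09:01:10", "who": "bob", "msg": "document saved"},
    {"time": "2010-04-01T09:02:00", "who": "mallory", "msg": "attempt to tamper with system file /etc/passwd"},
    {"time": "2010-04-01T09:03:00", "who": "alice", "msg": "successful login to server db01"},
]

@dataclass(frozen=True)
class Rule:
    category: str   # application / security / system, the log types named in the text
    pattern: str    # regex over the message (assumed matching method)
    archive: bool   # should the event be kept in the audit archive?
    action: str     # hypothetical action name invoked by the event

# Ordered rule table: the first matching rule decides category, archiving and action.
RULES = [
    Rule("security", r"failed (login|access)", True, "alert"),
    Rule("security", r"successful (login|access)", True, "none"),
    Rule("system", r"tamper with .*system file", True, "alert"),
    Rule("system", r"bad disk|setup", True, "ticket"),
]
# Anything unmatched is treated as a routine application event and not archived,
# which is how the classification keeps audit volume (and resource use) down.
DEFAULT = Rule("application", r"", False, "none")

def classify(event):
    """Return the first rule whose pattern matches the event message."""
    for rule in RULES:
        if re.search(rule.pattern, event["msg"], re.IGNORECASE):
            return rule
    return DEFAULT

def process(events):
    """Apply the rules: collect events to archive and actions to invoke."""
    archived, actions = [], []
    for ev in events:
        rule = classify(ev)
        if rule.archive:
            archived.append({**ev, "category": rule.category})
        if rule.action != "none":
            actions.append((rule.action, ev["who"], ev["msg"]))
    return archived, actions

if __name__ == "__main__":
    kept, todo = process(SAMPLE_EVENTS)
    print(len(kept), "archived;", todo)
```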