CPL - Chalmers Publication Library
| Utbildning | Forskning | Styrkeområden | Om Chalmers | In English In English Ej inloggad.

A Revised Taxonomy of Data Collection Mechanisms with a Focus on Intrusion Detection

Ulf Larson (Institutionen för data- och informationsteknik, Datorteknik (Chalmers)) ; Stefan Lindskog ; Erland Jonsson (Institutionen för data- och informationsteknik, Datorteknik (Chalmers))
Proceedings of the Third IEEE International Conference on Availability, Reliability and Security (ARES 2008) (2008)
[Konferensbidrag, refereegranskat]

Surprisingly few data collection mechanisms have been used for intrusion detection, and most systems rely on network and system call data as input to the detection engine. Even though the quality of log data is vital to the detection process and heavily dependent on the collection mechanism, no extensive survey or taxonomy has been conducted within the detection field. In this paper, we propose a revised taxonomy which provides a unified terminology and a framework in which data collection mechanisms can be systematically inspected, evaluated, and compared. Since the taxonomy is derived from existing mechanisms, it also provides a useful overview of different types of mechanisms. The paper also suggests areas within data collection where additional work is required.

Nyckelord: Data collection, intrusion detection, taxonomy



Denna post skapades 2008-02-19.
CPL Pubid: 68340

 

Institutioner (Chalmers)

Institutionen för data- och informationsteknik, Datorteknik (Chalmers)

Ämnesområden

Datorteknik

Chalmers infrastruktur