LUARM: An Audit Engine for Insider Misuse Detection

G. Magklaras; S. Furnell; M. Papadaki

首页> 外文期刊>International journal of digital crime and forensics >LUARM: An Audit Engine for Insider Misuse Detection

【24h】

LUARM: An Audit Engine for Insider Misuse Detection

机译：LUARM：用于内部滥用检测的审核引擎

获取原文

获取原文并翻译 | 示例

掌桥外文数据库（机构版） >>

开具论文收录证明 >>

文献代查 >>

页面导航

摘要
著录项
相似文献
相关主题

摘要

Logging User Actions in Relational Mode (LUARM) is an open source audit engine for Linux. It provides a near real-time snapshot of a number of user action data such as file access, program execution and network endpoint user activities, all organized in easily searchable relational tables. LUARM attempts to solve two fundamental problems of the insider IT misuse domain. The first concerns the lack of insider misuse case data repositories that could be used by post-case forensic examiners to aid an incident investigation. The second problem relates to how information security researchers can enhance their ability to specify accurately insider threats at system level. This paper presents LUARM's design perspectives and a 'post mortem 'case study of an insider IT misuse incident. The results show that the prototype audit engine has good potential to provide a valuable insight into the way insider IT misuse incidents manifest on IT systems and can be a valuable complement to forensic investigators of IT misuse incidents.

机译：在关系模式下记录用户操作（LUARM）是Linux的开源审核引擎。它提供了许多用户操作数据的近乎实时的快照，例如文件访问，程序执行和网络端点用户活动，所有这些都组织在易于搜索的关系表中。 LUARM试图解决内部IT滥用域的两个基本问题。第一个问题涉及缺乏内幕滥用案件数据存储库，案件后的法医检查人员可以使用该数据存储库来协助事件调查。第二个问题涉及信息安全研究人员如何增强他们在系统级别准确指定内部威胁的能力。本文介绍了LUARM的设计观点和内部IT滥用事件的“事后调查”案例研究。结果表明，原型审计引擎具有很好的潜力，可以为内部IT滥用事件在IT系统上的表现方式提供有价值的见解，并且可以作为对IT滥用事件的法医调查人员的宝贵补充。

著录项

来源
《International journal of digital crime and forensics》 |2011年第3期|p.37-49|共13页
作者
G. Magklaras; S. Furnell; M. Papadaki;
展开▼
作者单位

University of Plymouth, UK;

University of Plymouth, UK;

University of Plymouth, UK;

展开▼
收录信息
原文格式 PDF
正文语种 eng
中图分类
关键词
auditing; forensics; insiders; IT misuse; logging; misuse detection;

机译：审计;法证;内部人士IT滥用记录滥用检测;

相似文献

外文文献
中文文献
专利

1. Using Genetic Algorithm to Minimize False Alarms in Insider Threats Detection of Information Misuse in Windows Environment [J] . Bin Ahmad Maaz, Akram Adeel, Asif M., Mathematical Problems in Engineering . 2014,第pta21期

机译：Windows环境中使用遗传算法将内部威胁检测中的误用最小化
2. Using Genetic Algorithm to Minimize False Alarms in Insider Threats Detection of Information Misuse in Windows Environment [J] . MaazBin Ahmad, AdeelAkram, M.Asif, Mathematical Problems in Engineering: Theory, Methods and Applications . 2014,第4期

机译：在Windows环境中使用遗传算法将内部威胁检测中的误用最小化
3. Statistical foundations of audit trail analysis for the detection of computer misuse [J] . Helman P., Liepins G. IEEE Transactions on Software Engineering . 1993,第9期

机译：审计追踪分析的统计基础，用于检测计算机滥用
4. Beyond M-score for detection of misusability by malicious insiders [C] . J. Pradeep Kumar, A. Udaya Kumar, T. Ravi International Conference on Computing for Sustainable Global Development . 2016

机译：超越M得分，可检测恶意内部人员的可滥用性
5. Insider computer fraud detection in applications: A defense in depth framework involving software engineering and novelty neural networks. [D] . Brancik, Kenneth Charles. 2005

机译：应用程序中的内部计算机欺诈检测：涉及软件工程和新颖神经网络的纵深防御框架。
6. INSIDER: alignment-free detection of foreign DNA sequences [O] . Aidan P. Tay, Brendan Hosking, Cameron Hosking, 2021

机译：Insider：对对准的外国DNA序列的检测
7. Hybrid detection for databases using SQL injection and insider misuse detection techniques [O] . Asmawi Aziah 2010

机译：使用SQL注入和内部人员滥用检测技术的数据库混合检测
8. Research and Development Initiatives Focused on Preventing, Detecting, and Responding to Insider Misuse of Critical Defense Information Systems [R] . Anderson, R. H. 1999

机译：研究和开发计划专注于预防，检测和应对关键防御信息系统的内部滥用

LUARM: An Audit Engine for Insider Misuse Detection

摘要

著录项

相似文献

相关主题

期刊订阅