A Dynamically Configurable Log-Based Distributed Security Event Detection Methodology Using Simple Event Correlator (Paperback)

This research effort identifies attributes of distributed event correlation which make it desirable for security event detection, and evaluates those attributes in a comparison with a centralized alternative. Event correlation is an effective means of detecting complex situations encountered in information technology environments. Centralized, database-driven log event correlation is more commonly implemented, but suffers from flaws such as high network bandwidth utilization, significant requirements for system resources, and difficulty in detecting certain suspicious behaviors. This analysis measures the value in distributed event correlation by considering network bandwidth utilization, detection capability and database query efficiency, as well as through the implementation of remote configuration scripts and correlation of multiple log sources. These capabilities produce a configuration which allows a 99% reduction of network syslog traffic in the low-accountability case, and a significant decrease in database execution time through context-addition in the high-accountability case.

General

Imprint:	Biblioscholar
Country of origin:	United States
Release date:	October 2012
First published:	October 2012
Authors:	Justin Myers
Dimensions:	246 x 189 x 12mm (L x W x T)
Format:	Paperback - Trade
Pages:	216
ISBN-13:	978-1-249-58687-6
Categories:	Books > Social sciences > Education > General
LSN:	1-249-58687-9
Barcode:	9781249586876

Is the information for this product incomplete, wrong or inappropriate? Let us know about it.

Does this product have an incorrect or missing image? Send us a new image.

Is this product missing categories? Add more categories.

Review This Product

No reviews yet - be the first to create one!