A Real-Time Audit Mechanism Based on the Compression Technique

Shing-Han Li, D. Yen, Ying-Ping Chuang
ACM Trans. Manag. Inf. Syst. (Journal Article), published 2016-08-22. DOI: https://doi.org/10.1145/2629569
Citations: 5

Abstract

Log management and log auditing have become increasingly crucial for enterprises in this era of information and technology explosion. The log analysis technique is useful for discovering possible problems in business processes and preventing illegal-intrusion attempts and data-tampering attacks. Because of the complexity of the dynamically changing environment, auditing a tremendous number of data is a challenging issue. We provide a real-time audit mechanism to improve the aforementioned problems in log auditing. This mechanism was developed based on the Lempel-Ziv-Welch (LZW) compression technique to facilitate effective compression and provide reliable auditing log entries. The mechanism can be used to predict unusual activities when compressing the log data according to pre-defined auditing rules. Auditors using real-time and continuous monitoring can perceive instantly the most likely anomalies or exceptions that could cause problems. We also designed a user interface that allows auditors to define the various compression and audit parameters, using real log cases in the experiment to verify the feasibility and effectiveness of this proposed audit mechanism. In summary, this mechanism changes the log access method and improves the efficiency of log analysis. This mechanism greatly simplifies auditing so that auditors must only trace the sources and causes of the problems related to the detected anomalies. This greatly reduces the processing time of analytical audit procedures and the manual checking time, and improves the log audit efficiency.