LogA-DM: An Approach of Dynamic Log Analysis

Abstract

In ubiquitous computing high levels of connectivity are needed. Considering that, preoccupations related with security aspects are indispensable. One strategy that can be applied for improve security is the log analysis. Such strategies can be used to promote systems' understanding, in particular, the detection of intrusion attempts. The operation of modern computing systems, as the ones used in ubiquitous computing, tend to generate a large number of log records, which require the use of automatic tools to an easier analysis. Tools that employ data mining techniques to log analysis have been used in order to detect attempted attacks on computer systems, assisting security management. Thus, this paper proposes an approach to perform log analysis with intuit to prevent attack situations. The proposed solution explores two fronts: (i) log records of applications, and (ii) log records from the network and transport layers. To evaluate the proposed approach was designed a prototype that employs modules for collection and normalization of data. The normalization module also adds contextual information in order to assist the analysis of critical security situations. To conserve the system's autonomic operation, the records of the network and transport layers are collected and evaluated from connections in progress. Tests were developed in the proposed solution, showing good result for typical categories of attack.