
A method for intrusion detection rate with audit correlation


Abstract

PURPOSE: A method for improving intrusion detection through a relationship algorithm over audit logs is provided, to improve intrusion detection and lower wrong detection through the relationship of three audit logs having different properties. CONSTITUTION: A system log (2), a packet log (3), and a system call log (4) of a login module (1) are passed through an audit log parser (5) to generate an intrusion detecting pattern (6), and intrusion is judged by the intrusion detector (7). Intrusion in the audit logs is detected by the intrusion detector in real time. When an intrusion is detected, an intrusion confronting/reporting module (8) is operated.