Australian Digital Forensics Conference
Document Type
Conference Proceeding
Publisher
School of Computer and Information Science, Edith Cowan University, Perth, Western Australia
Abstract
This paper presents an approach to multi-step scenario specification and matching, which aims to address some of the issues and problems inherent in to scenario specification and event correlation found in most previous work. Our approach builds upon the unification algorithm which we have adapted to provide a seamless, integrated mechanism and framework to handle event matching, filtering, and correlation. Scenario specifications using our framework need to contain only a definition of the misuse activity to be matched. This characteristic differentiates our work from most of the previous work which generally requires scenario specifications also to include additional information regarding how to detect the misuse activity. In this paper we present a prototype implementation which demonstrates the effectiveness of the unification-based approach and our scenario specification framework. Also, we evaluate the practical usability of the approach
DOI
10.4225/75/57ad45517ff2d
Comments
5th Australian Digital Forensics Conference, Edith Cowan University, Perth Western Australia, December 3rd 2007.