Log analysis based mechanism fornetwork security incidents identification

Abstract: The increasing use and importance of networks in today’s economic and social context have also led to a rise in the number of malicious activities that violate privacy and security policies of institutional networks. There are several approaches aimed at detecting such activities, such as the use of intrusion detection systems. The goal of this paper is to present an alternative approach to detecting malicious activities based on querying and correlating the events recorded in system logs. The purpose of this approach is to identify the hosts responsible for these malicious activities. Experiments conducted at the Brazilian National Research and Educational Network’s Point of Presence in the State of Pará have shown that this proposal can accurately detect the hosts responsible for malicious activities while requiring low computational resources.