Semantic Mediation for A Posteriori Log Analysis

Abstract : A posteriori access control consists in monitoring the actions performed by users in order to detect possible violations of the security policy and to apply sanctions or reparations. Logs are generally among the first data sources that information security specialists consult for forensics when they suspect that something went wrong. One difficult challenge in analyzing logs is the multiplicity of log file formats. Normalizing all logs into a single format, however, requires a lot of processing, especially because log files usually contain a high volume of data. Our study therefore proposes to tackle this problem by leaving the different log formats as they are and retrieving information from the logs by querying them. A semantic mediator makes it possible to interoperate various sources of information without modifying their internal functioning: it can be responsible for locating data sources, transmitting queries to each source or from one source to another, retrieving the query responses and possibly sending them back to other sources. To the best of our knowledge, semantic mediation techniques have been used to share information between heterogeneous data sources, but they had never been used in the context of log analysis.
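The mediation idea in the abstract (leave each log in its native format, push a query down to every source through a wrapper, and merge the answers in a shared vocabulary) can be sketched in a few dozen lines. The following is an added illustration written for this page, not the paper's implementation: the three log sources, their line formats, the shared vocabulary (actor, action, object, ts) and the year assumed for syslog timestamps are all constructed for the example.

```python
"""Illustrative semantic mediator over heterogeneous, un-normalised log sources.

Added example, not the paper's code. Each source keeps its native format; a
wrapper translates the mediated query into a cheap source-local filter, parses
only the lines that survive it, and maps them into the shared vocabulary. The
mediator locates the sources, fans the query out, applies any criterion a
wrapper could not push down, and merges the answers in time order.
"""
import json
import re
from datetime import datetime, timezone
from typing import Callable, Dict, Iterable, List

# Constructed sample data (not real logs) in three native formats.
SYSLOG_LINES = [
    "Jan 12 10:01:07 db01 sshd[1211]: Accepted publickey for alice from 10.0.0.5 port 50210 ssh2",
    "Jan 12 10:02:15 db01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/cat /etc/shadow",
    "Jan 12 10:03:40 db01 sshd[1299]: Accepted password for bob from 10.0.0.9 port 50311 ssh2",
]
ACCESS_LOG_LINES = [
    '10.0.0.5 - alice [12/Jan/2020:10:02:01 +0000] "GET /admin/users HTTP/1.1" 200 512',
    '10.0.0.9 - bob [12/Jan/2020:10:03:55 +0000] "GET /index.html HTTP/1.1" 200 1024',
]
APP_EVENT_LINES = [
    '{"ts": "2020-01-12T10:02:30Z", "user": "alice", "op": "export", "resource": "customers.csv"}',
    '{"ts": "2020-01-12T10:04:10Z", "user": "bob", "op": "login", "resource": "portal"}',
]

SYSLOG_YEAR = 2020  # assumption: classic syslog timestamps carry no year

_SSH_RE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Accepted \w+ for (\S+) from (\S+)")
_SUDO_RE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sudo:\s+(\S+) : .*COMMAND=(.*)$")
_ACCESS_RE = re.compile(r'^\S+ \S+ (\S+) \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

Wrapper = Callable[[dict], Iterable[dict]]


def _syslog_ts(text: str) -> datetime:
    return datetime.strptime(text, "%b %d %H:%M:%S").replace(year=SYSLOG_YEAR, tzinfo=timezone.utc)


def syslog_source(query: dict) -> Iterable[dict]:
    """Wrapper for syslog: the actor criterion is pushed down as a substring test."""
    actor = query.get("actor")
    for line in SYSLOG_LINES:
        if actor and f" {actor} " not in line:
            continue  # dropped before any parsing, like a grep run on the host
        m = _SSH_RE.match(line)
        if m:
            yield {"ts": _syslog_ts(m[1]), "actor": m[2], "action": "login", "object": m[3]}
            continue
        m = _SUDO_RE.match(line)
        if m:
            yield {"ts": _syslog_ts(m[1]), "actor": m[2], "action": "sudo", "object": m[3]}


def access_log_source(query: dict) -> Iterable[dict]:
    """Wrapper for an NCSA-style web access log."""
    actor = query.get("actor")
    for line in ACCESS_LOG_LINES:
        m = _ACCESS_RE.match(line)
        if not m or (actor and m[1] != actor):
            continue
        ts = datetime.strptime(m[2], "%d/%b/%Y:%H:%M:%S %z")
        yield {"ts": ts, "actor": m[1], "action": m[3].lower(), "object": m[4]}


def app_events_source(query: dict) -> Iterable[dict]:
    """Wrapper for newline-delimited JSON application events."""
    actor = query.get("actor")
    for line in APP_EVENT_LINES:
        ev = json.loads(line)
        if actor and ev["user"] != actor:
            continue
        ts = datetime.fromisoformat(ev["ts"].replace("Z", "+00:00"))
        yield {"ts": ts, "actor": ev["user"], "action": ev["op"], "object": ev["resource"]}


class SemanticMediator:
    """Locates sources, forwards the query to each, merges answers in the shared vocabulary."""

    def __init__(self) -> None:
        self._sources: Dict[str, Wrapper] = {}

    def register(self, name: str, wrapper: Wrapper) -> None:
        self._sources[name] = wrapper

    def query(self, **criteria) -> List[dict]:
        merged = []
        for name, wrapper in self._sources.items():
            for rec in wrapper(criteria):
                # Criteria a wrapper did not push down (e.g. action) are applied here.
                if all(rec.get(k) == v for k, v in criteria.items()):
                    merged.append({**rec, "source": name})
        return sorted(merged, key=lambda r: r["ts"])


def build_mediator() -> SemanticMediator:
    med = SemanticMediator()
    med.register("syslog", syslog_source)
    med.register("access", access_log_source)
    med.register("app", app_events_source)
    return med


if __name__ == "__main__":
    for rec in build_mediator().query(actor="alice"):
        print(rec["ts"].isoformat(), rec["source"], rec["action"], rec["object"])
```

Querying `actor="alice"` returns her SSH login, web request, sudo command and data export as one time-ordered view even though no source was converted, and a query such as `action="login"` is answered by the sources that can express it. Only the actor criterion is pushed down here; in a real deployment each wrapper would translate as much of the query as its source can evaluate natively, which is where the processing saved by not normalising comes from.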
Document type :
Conference papers
https://hal.archives-ouvertes.fr/hal-02497184
Contributor : Farah Dernaika
Submitted on : Wednesday, May 13, 2020 - 6:53:34 PM
Last modification on : Wednesday, June 24, 2020 - 4:19:43 PM

File

ARES__SEMANTIC_MEDIATION.pdf
Files produced by the author(s)

Citation

Farah Dernaika, Nora Cuppens-Boulahia, Frédéric Cuppens, Olivier Raynaud. Semantic Mediation for A Posteriori Log Analysis. ARES ’19, Aug 2019, Canterbury, United Kingdom. ⟨10.1145/3339252.3340104⟩. ⟨hal-02497184⟩

Metrics

Record views : 99
Files downloads : 69