NOTE: This item is not available outside the Texas A&M University network. Texas A&M affiliated users who are off campus can access the item through NetID and password authentication or by using TAMU VPN. Non-affiliated individuals should request a copy through their local library's interlibrary loan service.
A UNIX security log analyzer based on from/to access matrix
dc.creator | El-Haj Mahmoud, Samer Ahmad | |
dc.date.accessioned | 2012-06-07T15:47:08Z | |
dc.date.available | 2012-06-07T15:47:08Z | |
dc.date.created | 2002 | |
dc.date.issued | 2002 | |
dc.identifier.uri | https://hdl.handle.net/1969.1/ETD-TAMU-2002-THESIS-E39 | |
dc.description | Due to the character of the original source materials and the nature of batch digitization, quality control issues may be present in this document. Please report any quality issues you encounter to digital@library.tamu.edu, referencing the URI of the item. | en |
dc.description | Includes bibliographical references (leaves 70-74). | en |
dc.description | Issued also on microfiche from Lange Micrographics. | en |
dc.description.abstract | System log files are valuable assets in detecting security violations and malicious attacks as well as in holding users responsible for their actions. However, the huge size of these logs makes it impractical for system administrators to examine them manually. This leaves potential threats logged but undetected. Several tools exist for automated log analysis and reporting, such as Swatch, Logsurfer, and Logcheck. Most of these tools depend on either detecting patterns of known attacks or eliminating patterns of normal behavior. This research aims to study UNIX system log files and log analyzers, and to present a new method for log analysis. The method is based on a systems access matrix that provides a set of rules for services in the network. For each service listed in the matrix, the rules specify access rights for every user, indicating the source hosts that the user can access that service from, and the destination hosts on which the service can be accessed. A tool called LogMatrix has been developed to examine the system logs and analyze them by comparing the actual events to the rules in the from/to access matrix. | en |
dc.format.medium | electronic | en |
dc.format.mimetype | application/pdf | |
dc.language.iso | en_US | |
dc.publisher | Texas A&M University | |
dc.rights | This thesis was part of a retrospective digitization project authorized by the Texas A&M University Libraries in 2008. Copyright remains vested with the author(s). It is the user's responsibility to secure permission from the copyright holder(s) for re-use of the work beyond the provision of Fair Use. | en |
dc.subject | computer engineering. | en |
dc.subject | Major computer engineering. | en |
dc.title | A UNIX security log analyzer based on from/to access matrix | en |
dc.type | Thesis | en |
thesis.degree.discipline | computer engineering | en |
thesis.degree.name | M.S. | en |
thesis.degree.level | Masters | en |
dc.type.genre | thesis | en |
dc.type.material | text | en |
dc.format.digitalOrigin | reformatted digital | en |
This item appears in the following Collection(s)
- Digitized Theses and Dissertations (1922–2004)
Texas A&M University Theses and Dissertations (1922–2004)