Research Assistants: H. Chang, J.C. Flack, S. Shah
Sponsor: COAST Laboratory sponsors
Standard system audit trails may be tens or hundreds of megabytes per monitored host per day. The size of these audit files makes searching and processing of audit data difficult, if not impossible. Furthermore, these large files also lead system administrators to curtail or cease audit trail collection, despite its crucial worth in detecting and analyzing misuses. Our goal is to develop techniques and ultimately, tools to efficiently reduce audit data, both in the sense of economizing storage space and in the sense of abstracting higher-level, more useful information for security administrators. This also includes finding ways to best search audit trails for information of interest.