Litcius/Paper detail

On the Forensic Validity of Approximated Audit Logs

Noor Michael, Jaron Mink, Jason Liu, Sneha Gaur, Wajih Ul Hassan, Adam Bates

2020Annual Computer Security Applications Conference44 citationsDOI

Abstract

Auditing is an increasingly essential tool for the defense of computing systems, but the unwieldy nature of log data imposes significant burdens on administrators and analysts. To address this issue, a variety of techniques have been proposed for approximating the contents of raw audit logs, facilitating efficient storage and analysis. However, the security value of these approximated logs is difficult to measure—relative to the original log, it is unclear if these techniques retain the forensic evidence needed to effectively investigate threats. Unfortunately, prior work has only investigated this issue anecdotally, demonstrating sufficient evidence is retained for specific attack scenarios.

Topics & Concepts

AuditComputer scienceVariety (cybernetics)Measure (data warehouse)Data scienceWork (physics)Forensic scienceComputer securityComputer forensicsForensic accountingValue (mathematics)Raw dataAudit trailDigital forensicsData miningAccountingBusinessEngineeringMachine learningArtificial intelligenceMechanical engineeringProgramming languageArchaeologyHistoryDigital and Cyber ForensicsAdvanced Malware Detection TechniquesNetwork Security and Intrusion Detection
On the Forensic Validity of Approximated Audit Logs | Litcius