Log analysis based mechanism for network security incidents identification

msra(2007)

Abstract
The increasing use and importance that networks have acquired in today's economic and social context have also brought an increase in the number of malicious activities that violate the privacy and security policies of institutional networks. There are several approaches that aim to detect such activities, for instance the use of intrusion detection systems. The goal of this paper is to present an alternative malicious activity detection approach based on querying and correlating the events registered in system logs. The purpose of this approach is to identify the hosts causing such malicious activities. Experiments carried out at the Brazilian National Research and Educational Network's Point of Presence in the State of Pará have shown that this proposal was able to detect the hosts responsible for malicious activities accurately while demanding low computational resources.
Keywords
network management, system logs, network security, security policy, intrusion detection system, point of presence, social context