Revista Cubana de Ciencias Informáticas

On-line version ISSN 2227-1899

Abstract

ECHEVERRIA CASTILLO, Yohandra; PENA CASANOVA, Mónica and LABORI DE LA NUEZ, Bárbara. Architecture for the detection of security policy violations. Rev cuba cienc informat [online]. 2021, vol.15, n.4, suppl.1, pp. 265-280. Epub Dec 01, 2021. ISSN 2227-1899.

Logs are highly relevant to the management of computer security: the information recorded in them supports auditing and forensic analysis, internal investigations, the establishment of baselines, and the identification of operational trends and behavioural problems in information systems. Among the logs associated with security are those generated by access to network services, in particular Internet access through a proxy. Detecting security violations from the analysis of users' Internet browsing logs requires a way to standardize the existing log formats. Analysis and search strategies must then be defined that generate alarms and reports whenever a violation of the security policies established in the organization is detected. This article analyses the different formats in order to define the structure of the logs. An architecture is proposed for detecting security violations from the analysis of users' Internet browsing logs, together with the components required as a result of that analysis. A common format is determined for standardizing the structure of the logs, which allows a greater capacity for analysis. The tools necessary to implement the proposed architecture are evaluated.

Keywords: log; users; violations; security; Internet.
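The abstract describes two steps: mapping proxy logs of different formats onto one common structure, and then running analysis rules over that structure to raise alarms. The following Python script is an added illustration of that pipeline; it is not the architecture from the paper and not code by its authors. It assumes two common proxy log layouts (Squid "native" access.log lines and Apache-style combined lines), a small constructed set of sample lines, and an illustrative policy (a blocked-host list, working hours 08:00-18:00 UTC, and a size ceiling for CONNECT tunnels); the rule names, hosts and thresholds are all assumptions chosen for the example.

```python
"""Normalize proxy access logs of two formats into one common record and
run simple policy rules over them.  Added illustration only: the formats
handled, the policy rules and the sample lines are assumptions, not the
paper's architecture."""
import re
from dataclasses import dataclass
from datetime import datetime, timezone
from urllib.parse import urlsplit

# Constructed sample lines (not taken from the paper or from any real system).
SQUID_NATIVE = """\
1700039600.123    45 10.0.0.7 TCP_MISS/200 5120 GET http://intranet.example/index.html alice HIER_DIRECT/192.0.2.10 text/html
1700039660.456    12 10.0.0.9 TCP_DENIED/403 0 GET http://games.example/play.swf bob HIER_NONE/- text/html
1700082000.789   300 10.0.0.7 TCP_MISS/200 91234 CONNECT filehost.example:443 alice HIER_DIRECT/192.0.2.20 -
"""
APACHE_COMBINED = """\
10.0.0.11 - carol [14/Nov/2023:22:05:10 +0000] "GET http://social.example/feed HTTP/1.1" 200 8123 "-" "Mozilla/5.0"
10.0.0.9 - bob [14/Nov/2023:09:30:00 +0000] "GET http://intranet.example/wiki HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""


@dataclass(frozen=True)
class ProxyEvent:
    """Common record that every input format is mapped to."""
    time: datetime      # always timezone-aware UTC
    client_ip: str
    user: str
    method: str
    host: str
    status: int
    size: int           # bytes transferred; 0 when the proxy logged "-"
    source: str         # which parser produced the record


def _host_of(target: str) -> str:
    # Absolute URL for GET/POST, bare "host:port" for CONNECT tunnels.
    if "://" in target:
        return (urlsplit(target).hostname or "").lower()
    return target.rsplit(":", 1)[0].lower()


def parse_squid_native(line: str) -> ProxyEvent:
    # Squid native layout: time elapsed client result/status bytes method url user ...
    fields = line.split()
    ts, _elapsed, client, result, size, method, target, user = fields[:8]
    return ProxyEvent(
        time=datetime.fromtimestamp(float(ts), tz=timezone.utc),
        client_ip=client, user=user, method=method, host=_host_of(target),
        status=int(result.split("/")[1]), size=int(size), source="squid")


_APACHE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\d+|-)')


def parse_apache_combined(line: str) -> ProxyEvent:
    m = _APACHE.match(line)
    if not m:
        raise ValueError(f"unrecognised line: {line!r}")
    when = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").astimezone(timezone.utc)
    return ProxyEvent(
        time=when, client_ip=m["ip"], user=m["user"], method=m["method"],
        host=_host_of(m["target"]), status=int(m["status"]),
        size=0 if m["size"] == "-" else int(m["size"]), source="apache")


def normalize(squid_text: str, apache_text: str) -> list[ProxyEvent]:
    """Map both formats onto the common record and order them by time."""
    events = [parse_squid_native(l) for l in squid_text.splitlines() if l.strip()]
    events += [parse_apache_combined(l) for l in apache_text.splitlines() if l.strip()]
    return sorted(events, key=lambda e: e.time)


# Illustrative policy (assumed for this example, not the paper's rules).
BLOCKED_HOSTS = {"games.example", "social.example"}
WORK_HOURS = range(8, 18)        # 08:00-17:59 UTC
MAX_TUNNEL_BYTES = 50_000


def detect_violations(events: list[ProxyEvent]) -> list[dict]:
    """Run the policy rules over normalized events and return one alert per hit."""
    alerts = []
    for e in events:
        hits = []
        # A denied (403) request still records the attempt, so it is reported too.
        if e.host in BLOCKED_HOSTS:
            hits.append("BLOCKED_HOST")
        if e.time.hour not in WORK_HOURS:
            hits.append("OFF_HOURS")
        if e.method == "CONNECT" and e.size > MAX_TUNNEL_BYTES:
            hits.append("LARGE_TRANSFER")
        for rule in hits:
            alerts.append({"rule": rule, "user": e.user, "host": e.host,
                           "time": e.time.isoformat(), "source": e.source})
    return alerts


if __name__ == "__main__":
    for alert in detect_violations(normalize(SQUID_NATIVE, APACHE_COMBINED)):
        print(alert)
```

The point of the common record is that the rules in `detect_violations` never need to know which proxy produced a line; adding a third log format only means adding a parser that returns `ProxyEvent`. Timestamps are converted to timezone-aware UTC in the parsers so that a time-based rule such as working hours compares like with like regardless of how each source formats its clock.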
