-- CSC-OpenAccess Policy
-- Creative Commons Attribution NonCommercial 4.0 International License
Data-driven Security Analysis of System Audit Logs for Intrusion Detection and Prevention
Sheena Sheela Rajan
Pages 136-145   |   Revised 30-07-2025   |   Published 31-08-2025
Published in International Journal of Computer Science and Security (IJCSS)
Volume 19, Issue 4   |   Publication Date: August 2025
KEYWORDS
Information Security, Event Logs, Centralized Monitoring, Intrusion Detection, Security Information and Event Management.
ABSTRACT
Cyberattacks such as ransomware, denial of service (DoS), and phishing have become increasingly common in recent years, and detecting these threats remains a significant challenge in day-to-day operations. This research focuses on organizing system data within a centralized platform to monitor user activity across various operating systems. This is an essential step in identifying intrusions targeting defense systems, homeland security, and health and human services. The study involves collecting user activity logs from multiple OS environments and analyzing them through Security Information and Event Management (SIEM) platforms to detect security incidents based on real-time events. Event logging has become a widely adopted methodology across both the public and private sectors for identifying insider and outsider threats. This paper illustrates how the integration of real-time monitoring, Zero Trust principles, and SIEM tools enables the automated detection of suspicious activities, thereby strengthening security response capabilities. It further explores how centralized audit log analysis within a SIEM platform enhances the speed and effectiveness of real-time intrusion detection and prevention.
MANUSCRIPT AUTHORS
Miss Sheena Sheela Rajan
National Center for Advancing Translational Sciences, Maryland, 20892 - United States of America
sheena.rajan89@gmail.com
Copyright © 2025 Computer Science Journals (CSC Journals). All rights reserved.