Network attacks are a major problem for organizations, especially when poor security policies leave the network vulnerable. Network security is vital in protecting not only the infrastructure but, most importantly, the data that moves around the network and is stored within the organization. Ensuring a secure network requires a complex combination of hardware, including both network and security devices, specialized applications such as web filtering and log management, and a group of well-trained network administrators and highly skilled analysts. This paper presents an alternative to the current log management solution. A hindrance to the current solution is the difficulty of amalgamating and correlating a vast number of logs with differing formats and variables. This paper uses a novel framework called Log Consolidation Processing (LCP), based on System Information Event Management (SIEM) technology, to monitor the behavior and the fitness of a network. LCP provides a flexible and complete solution to collect, correlate, and analyze logs from multiple devices as well as applications. An experiment testing the effectiveness of LCP in detecting DDoS attacks in a campus network environment was conducted, demonstrating a high rate of detection. Besides threat detection and avoidance through log monitoring and analysis, other benefits of implementing the LCP framework are also discussed. The paper concludes with suggested enhancements for the LCP framework.
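As an added illustration of the consolidation-and-correlation idea (this is not the paper's LCP implementation, whose internals the abstract does not describe): two constructed log formats, a firewall line and a web-server access line, are mapped onto one schema and correlated per destination, so that a distributed flood against one host becomes visible only once both devices' logs are combined. The sample lines, the hostname-to-IP asset map, and the window and threshold values are all assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
# Constructed sample lines in two unrelated formats (illustrative, not from the paper).
FIREWALL_LINES = [
    "2024-03-01T10:00:00 fw01 ALLOW src=10.0.0.5 dst=192.168.1.10 dport=80",
    "2024-03-01T10:00:01 fw01 ALLOW src=10.0.0.6 dst=192.168.1.10 dport=80",
    "2024-03-01T10:00:02 fw01 ALLOW src=10.0.0.7 dst=192.168.1.10 dport=80",
    "2024-03-01T10:05:00 fw01 ALLOW src=10.0.0.9 dst=192.168.1.20 dport=22",
]
WEB_LINES = [
    '10.0.0.8 - - [01/Mar/2024:10:00:03 +0000] "GET / HTTP/1.1" 200 512 www1',
    '10.0.0.11 - - [01/Mar/2024:10:00:04 +0000] "GET / HTTP/1.1" 200 512 www1',
]
# Hypothetical asset inventory: the web server logs its hostname, the firewall an IP.
ASSETS = {"www1": "192.168.1.10"}

FW_RE = re.compile(r"^(\S+) (\S+) \S+ src=(\S+) dst=(\S+) dport=\d+$")
WEB_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" \d+ \d+ (\S+)$')
EPOCH = datetime(1970, 1, 1)

def parse_firewall(line):
    """Map a firewall line onto the common schema (ts, device, src, dst)."""
    m = FW_RE.match(line)
    if not m:
        return None
    ts, device, src, dst = m.groups()
    return {"ts": datetime.fromisoformat(ts), "device": device, "src": src, "dst": dst}

def parse_web(line, assets):
    m = WEB_RE.match(line)
    if not m:
        return None
    src, ts, host = m.groups()
    # Timestamps are assumed UTC; drop tzinfo so both sources compare as naive datetimes.
    when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z").replace(tzinfo=None)
    return {"ts": when, "device": host, "src": src, "dst": assets.get(host, host)}

def consolidate(fw_lines, web_lines, assets=ASSETS):
    """Normalize both feeds into one time-ordered stream, dropping unparseable lines."""
    records = [parse_firewall(l) for l in fw_lines] + [parse_web(l, assets) for l in web_lines]
    return sorted((r for r in records if r), key=lambda r: r["ts"])

def detect_floods(records, window_seconds=10, min_sources=5):
    """Flag a destination contacted by >= min_sources distinct clients in one window."""
    seen = defaultdict(set)
    for r in records:
        bucket = int((r["ts"] - EPOCH).total_seconds()) // window_seconds
        seen[(r["dst"], bucket)].add(r["src"])
    return [{"dst": dst, "window_start": b * window_seconds, "sources": len(s)}
            for (dst, b), s in sorted(seen.items()) if len(s) >= min_sources]
```

Run against the firewall feed alone, the same threshold produces no alert; only the merged stream crosses it, which is the point of consolidating logs before correlating them.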
Copyrights © 2024