The main thrust of this research is the investigation of the interrelated issues of content, representation, storage and processing of audit trails in computer systems. Existing audit mechanisms on various systems are being analyzed and extended, experimental collection and reduction systems for audit are being built, and experimentation with tools to analyze audit data for intrusion and misuse are being performed. This research builds on ongoing work in which progress has been made on prototyping an audit representation and compression tool and developing two different intrusion detection techniques. An important benefit of this work is that undergraduate and graduate students involved are acquiring a unique combination of skills, spanning computer security, systems and modeling, and data structuring. The project leverages considerable industrial support and the results and prototyped software could be used by industry to enhance existing audit mechanisms and intrusion detection systems.
