Audit Record

• Basic Tool of Intrusion Detection

• Native audit records

  • Information collected for accounting
  • No extra cost but not necessary or conveniently formed information

• Detection-specific audit records

  • Only info required by IDS
  • Extra overhead
  • Vendor independent
  • Subject, action, object, exception condition, resource usage, timestamp (Denning)