Audit trails are analyzed in order to detect record sequences
indicative of illicit or unexpected activities. Examples include searching
for indicators of known attacks that appear in audit records, sorting and
thresholding of audit trails to detect patterns of misuse, and the
cross-correlation of audit records to detect inconsistencies.
Complexity: Analyzing audit trails can be quite complex and several
NP-complete audit analysis problems appear to have been found.
fc@red.a.net