IP2User--Identifying the Username of an IP Address in Network-Related Events Conference Paper uri icon


  • Abstract: Network devices deployed in organizations (Firewall, IDS, routers, antivirus, servers, etc.) logs users' activity as events. Based on these events users' behavioral profiles can be derived in order to detect anomalies, indicating potential attacks. The identifier of a user in most cases is the user's organizational username. While events are always logged with the source IP address they are not always logged with the relevant username and therefore, many of the collected events are not directly linked with the appropriate user. In …

publication date

  • June 27, 2013