Chapter 8

ANALYZING TRANSACTION LOGS FOR EFFECTIVE DAMAGE ASSESSMENT

Prahalad Ragothaman and Brajendra Panda

Abstract

In this research, we propose dividing the log into several segments using three different methods, with a view to reducing log access time and, as a result, expediting recovery. We segment the log based on the number of committed transactions, on time, and on space. In the first approach, a fixed number of transactions forms a segment. In the second method, a new segment is formed from all transactions committed after a set time has elapsed. In the third approach, a segment is built from all the committed transactions once they have used up a set amount of disk space. Because all three schemes enforce a bound on segment size, no segment can grow out of proportion. The algorithms implementing this approach are relatively simple and easy. Their performance has been tested through simulation programs and the results are discussed.

Keywords: Transaction dependency, damage assessment, log segmentation, defensive information warfare

1. Introduction

In this rapidly changing world where everything boils down to time, information sharing plays a vital role. Computers are the most powerful means of sharing information. With the dawn of Internet technologies, this process has become faster and more efficient. Unfortunately, the Internet has also attracted a large number of malicious users who use it to break into systems and render them inconsistent and unstable. Though several protection mechanisms are available to stop malicious users from intruding into a system, they are not always successful, as savvy hackers find new ways to attack systems. Hence the next best thing is to detect the attack and bring the system back to a consistent state as soon as possible. Some of the most recent intrusion detection techniques are presented in [4,5,10].
But intrusion

E. Gudes et al. (eds.), Research Directions in Data and Applications Security © Springer Science+Business Media New York 2003
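The three segmentation schemes from the abstract (by committed-transaction count, by elapsed time, by disk space), as an added Python example that is not the chapter's own code: each scheme is run over a constructed in-memory log, and a lookup shows the access saving the abstract aims for, since segments before the one holding a given transaction are never read. The `Commit` record layout, the sample log and the `segment_holding` helper are assumptions made for this illustration.

```python
from dataclasses import dataclass
@dataclass(frozen=True)
class Commit:                 # one committed transaction (constructed record layout)
    tid: int                  # transaction id, assigned in commit order
    commit_time: float        # seconds since the log was opened
    size: int                 # bytes of log records the transaction wrote

def segment_by_count(log, n):
    """Scheme 1: every n committed transactions form one segment."""
    segs, cur = [], []
    for rec in log:
        cur.append(rec)
        if len(cur) == n:
            segs, cur = segs + [cur], []
    return segs + ([cur] if cur else [])

def segment_by_time(log, window):
    """Scheme 2: a segment holds the commits within `window` seconds of its
    first commit; the next commit after that opens a new segment."""
    segs, cur, opened = [], [], 0.0
    for rec in log:
        if cur and rec.commit_time - opened >= window:
            segs, cur = segs + [cur], []
        if not cur:
            opened = rec.commit_time
        cur.append(rec)
    return segs + ([cur] if cur else [])

def segment_by_space(log, limit):
    """Scheme 3: a segment is closed once its records fill `limit` bytes."""
    segs, cur, used = [], [], 0
    for rec in log:
        cur.append(rec)
        used += rec.size
        if used >= limit:
            segs, cur, used = segs + [cur], [], 0
    return segs + ([cur] if cur else [])

def segment_holding(segs, tid):
    """Index of the segment containing `tid`: segments before it are never read."""
    for i, seg in enumerate(segs):
        if any(r.tid == tid for r in seg):
            return i
    raise KeyError(f"transaction {tid} not found in log")

# Constructed sample log: 7 commits over 8 seconds with varying record sizes.
LOG = [Commit(1, 0.0, 300), Commit(2, 1.5, 500), Commit(3, 2.0, 200),
       Commit(4, 4.5, 900), Commit(5, 5.0, 100), Commit(6, 7.5, 400),
       Commit(7, 8.0, 600)]
```

Each scheme bounds the size of every segment except the last, which is still open when the log ends; the lookup then only touches segments from the located one onward.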