Reference : A Distance-Based Method to Detect Anomalous Attributes in Log Files
Scientific congresses, symposiums and conference proceedings : Paper published in a book
Engineering, computing & technology : Computer science
http://hdl.handle.net/10993/10591
A Distance-Based Method to Detect Anomalous Attributes in Log Files
English
Hommes, Stefan [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)]
State, Radu [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)]
Engel, Thomas [University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)]
Apr-2012
Proceedings of IEEE/IFIP NOMS 2012
498-501
Yes
IEEE/IFIP Network Operations and Management Symposium (NOMS) 2012
from 16-04-2012 to 20-04-2012
US
[en] firewall ; control charts ; Kullback-Leibler divergence
[en] Dealing with large volumes of logs is like the proverbial needle in the haystack problem. Finding relevant events that might be associated with an incident, or real-time analysis of operational logs, is extremely difficult when the underlying data volume is huge and when no explicit misuse model exists. While domain-specific knowledge and human expertise may be useful in analysing log data, automated approaches for detecting anomalies and tracking incidents are the only viable solutions when confronted with large volumes of data. In this paper we address the issue of automated log analysis and consider more specifically the case of ISP-provided firewall logs. We leverage approaches derived from statistical process control and information theory in order to track potential incidents and detect suspicious network activity.
Interdisciplinary Centre for Security, Reliability and Trust (SnT)