Classification of Log Files with Limited Labeled Data

Hommes, Stefan; State, Radu; Engel, Thomas

Reference : Classification of Log Files with Limited Labeled Data


	Document type :	Scientific congresses, symposiums and conference proceedings : Paper published in a book
	Discipline(s) :	Engineering, computing & technology : Computer science
	To cite this reference:	http://hdl.handle.net/10993/10295

Title :	Classification of Log Files with Limited Labeled Data
Language :	English
Author, co-author :	Hommes, Stefan [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
	State, Radu [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
	Engel, Thomas [University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC) >]
Publication date :	Oct-2013
Main document title :	Proceedings of IPTComm 2013
Peer reviewed :	Yes
Event name :	Principles, Systems and Applications of IP Telecommunications (IPTComm) 2013
Event date :	from 15-10-2013 to 17-10-2013
Keywords :	[en] semi-supervised learning ; firewall ; log files
Abstract :	[en] We address the problem of anomaly detection in log files that consist of a huge number of records. In order to achieve this task, we demonstrate label propagation as a semi-supervised learning technique. The strength of this approach lies in the small amount of labelled data that is needed to label the remaining data. This is an advantage since labelled data needs human expertise which comes at a high cost and be- comes infeasible for big datasets. Even though our approach is generally applicable, we focus on the detection of anoma- lous records in firewall log files. This requires a separation of records into windows which are compared using different distance functions to determine their similarity. Afterwards, we apply label propagation to label a complete dataset in only a limited number of iterations. We demonstrate our approach on a realistic dataset from an ISP.
Research centres :	Interdisciplinary Centre for Security, Reliability and Trust (SnT)
Permalink :	http://hdl.handle.net/10993/10295

File(s) associated to this reference

Fulltext file(s):

	File	Commentary	Version	Size	Access
Limited access	iptcomm2013.pdf		Author postprint	469.66 kB	Request a copy

All documents in ORBi^lu are protected by a user license.

University of Luxembourg Library | Feedback | Legal notices