A Distance-Based Method to Detect Anomalous Attributes in Log Files

Hommes, Stefan; State, Radu; Engel, Thomas

Reference : A Distance-Based Method to Detect Anomalous Attributes in Log Files


	Document type :	Scientific congresses, symposiums and conference proceedings : Paper published in a book
	Discipline(s) :	Engineering, computing & technology : Computer science
	To cite this reference:	http://hdl.handle.net/10993/10591

Title :	A Distance-Based Method to Detect Anomalous Attributes in Log Files
Language :	English
Author, co-author :	Hommes, Stefan [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
	State, Radu [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
	Engel, Thomas [University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC) >]
Publication date :	Apr-2012
Main document title :	Proceedings of IEEE/IFIP NOMS 2012
Pages :	498-501
Peer reviewed :	Yes
Event name :	IEEE/IFIP Network Operations and Management Symposium (NOMS) 2012
Event date :	from 16-04-2012 to 20-04-2012
Event country :	US
Keywords :	[en] firewall ; control charts ; Kullback-Leibler divergence
Abstract :	[en] Dealing with large volumes of logs is like the prover- bial needle in the haystack problem. Finding relevant events that might be associated with an incident, or real time analysis of operational logs is extremely difficult when the underlying data volume is huge and when no explicit misuse model exists. While domain-specific knowledge and human expertise may be useful in analysing log data, automated approaches for detecting anomalies and track incidents are the only viable solutions when confronted with large volumes of data. In this paper we address the issue of automated log analysis and consider more specifically the case of ISP-provided firewall logs. We leverage approaches derived from statistical process control and information theory in order to track potential incidents and detect suspicious network activity.
Research centres :	Interdisciplinary Centre for Security, Reliability and Trust (SnT)
Permalink :	http://hdl.handle.net/10993/10591

File(s) associated to this reference

Fulltext file(s):

	File	Commentary	Version	Size	Access
Limited access	94034.pdf		Publisher postprint	154.37 kB	Request a copy

All documents in ORBi^lu are protected by a user license.

University of Luxembourg Library | Feedback | Legal notices