A Distance-Based Method to Detect Anomalous Attributes in Log Files

Hommes, Stefan; State, Radu; Engel, Thomas

doi:10.1109/NOMS.2012.6211940

Request a copy

Paper published in a book (Scientific congresses, symposiums and conference proceedings)

A Distance-Based Method to Detect Anomalous Attributes in Log Files

Hommes, Stefan; State, Radu; Engel, Thomas

2012 • In Proceedings of IEEE/IFIP NOMS 2012

Peer reviewed

Permalink
https://hdl.handle.net/10993/10591

DOI
10.1109/NOMS.2012.6211940

Files (1)Send to Details Statistics Bibliography Similar publications

Files

Full Text

94034.pdf

Publisher postprint (158.08 kB)

Request a copy

All documents in ORBilu are protected by a user license.

Send to

RIS BibTex APA Chicago Permalink X Linkedin

Details

Keywords :

firewall; control charts; Kullback-Leibler divergence

Abstract :

[en] Dealing with large volumes of logs is like the prover- bial needle in the haystack problem. Finding relevant events that might be associated with an incident, or real time analysis of operational logs is extremely difficult when the underlying data volume is huge and when no explicit misuse model exists. While domain-specific knowledge and human expertise may be useful in analysing log data, automated approaches for detecting anomalies and track incidents are the only viable solutions when confronted with large volumes of data. In this paper we address the issue of automated log analysis and consider more specifically the case of ISP-provided firewall logs. We leverage approaches derived from statistical process control and information theory in order to track potential incidents and detect suspicious network activity.

Research center :

Interdisciplinary Centre for Security, Reliability and Trust (SnT)

Disciplines :

Computer science

Author, co-author :

Hommes, Stefan ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)

State, Radu ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)

Engel, Thomas ; University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)

Language :

English

Title :

A Distance-Based Method to Detect Anomalous Attributes in Log Files

Publication date :

April 2012

Event name :

IEEE/IFIP Network Operations and Management Symposium (NOMS) 2012

Event place :

United States

Event date :

from 16-04-2012 to 20-04-2012

Main work title :

Proceedings of IEEE/IFIP NOMS 2012

Pages :

498-501

Peer reviewed :

Peer reviewed

Available on ORBilu :

since 12 November 2013

Statistics

Number of views

99 (4 by Unilu)

Number of downloads

0 (0 by Unilu)

More statistics

Scopus citations^®

Scopus citations^®
without self-citations

WoS citations^™