Title :
Domain Independent Event Analysis for Log Data Reduction
Author :
Kalamatianos, Theodoros ; Kontogiannis, Kostas ; Matthews, Peter
Author_Institution :
Dept. of Electr. & Comput. Eng., Nat. Tech. Univ. of Athens, Athens, Greece
Abstract :
Analyzing the run time behavior of large software systems is a difficult and challenging task. Log analysis has been proposed as a possible solution. However, such an analysis poses unique challenges, mostly due to the volume and diversity of the logged data that is collected, thus making this analysis often intractable for practical purposes. In this paper, we present a log analysis technique that aims to compute a smaller, compared to the original, collection of events that relate to a given analysis objective. The technique is based on computing a similarity score between the logged events and a collection of significant events that we refer to as beacons. The major novelties of the proposed technique are that it is domain independent and that it does not require the use of a pre-existing training data set. The technique has been evaluated against the DARPA Intrusion Detection Evaluation 1999 and the KDD 1999 data sets with promising results.
Keywords :
data analysis; data reduction; program diagnostics; security of data; DARPA Intrusion Detection Evaluation 1999 data sets; KDD 1999 data sets; domain independent event analysis; large software systems; log analysis technique; log data reduction; run time behavior analysis; similarity score; Algorithm design and analysis; Analytical models; Intrusion detection; Software; Standards; Weight measurement; Software engineering; dynamic analysis; log analysis; log reduction; software maintenance; system understanding;
Conference_Title :
Computer Software and Applications Conference (COMPSAC), 2012 IEEE 36th Annual
Conference_Location :
Izmir
Print_ISBN :
978-1-4673-1990-4
Electronic_ISBN :
0730-3157
DOI :
10.1109/COMPSAC.2012.33