• DocumentCode
    2843525
  • Title
    A next generation entropy based framework for alert detection in system logs
  • Author
    Makanju, Adetokunbo ; Zincir-Heywood, A. Nur ; Milios, Evangelos E.
  • Author_Institution
    Fac. of Comput. Sci., Dalhousie Univ., Halifax, NS, Canada
  • fYear
    2011
  • fDate
    23-27 May 2011
  • Firstpage
    626
  • Lastpage
    629
  • Abstract
    Recent research efforts have highlighted the capability of entropy-based approaches in the automatic discovery of alerts in system logs. In this work, we extend this research by evaluating three entropy-based approaches on new datasets not used in previous papers. We also extend the approach with the introduction of a Cluster Membership Anomaly score, intended to reduce the false positive rate required to detect all alerts. Previous work has shown that, for an entropy-based approach, the false positive rate required to detect all alerts can be very high. The results show that the Cluster Membership Anomaly score has value for reducing false positive rates.
  • Keywords
    entropy; pattern clustering; system monitoring; system recovery; alert detection; cluster membership anomaly score; false positive rate reduction; next generation entropy; system logs; Lead; Silicon compounds; Tin; Algorithms; Modeling and Assessment; Networked Systems; System Management;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Integrated Network Management (IM), 2011 IFIP/IEEE International Symposium on
  • Conference_Location
    Dublin
  • Print_ISBN
    978-1-4244-9219-0
  • Electronic_ISBN
    978-1-4244-9220-6
  • Type
    conf
  • DOI
    10.1109/INM.2011.5990587
  • Filename
    5990587
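The abstract's idea, an entropy signal over clustered log lines with a membership-based filter that prunes the entropy detector's false positives, as an added illustration. This is not code from the paper or its authors; the abstract does not define the Cluster Membership Anomaly score, so the per-line surprisal used here (how unlikely a line's template is given the rest of the log) is an assumed stand-in, the digit-masking "template" clustering is an assumed simplification, and the log lines are constructed for the example.

```python
"""Added illustration of entropy-based log alerting with a membership filter.
Not the algorithm of Makanju et al.; the surprisal score below is a stand-in
for the paper's Cluster Membership Anomaly score, which the abstract does
not define.  Sample log lines are constructed, not from any real dataset."""
import math
import re
from collections import Counter
from statistics import median

# Constructed log: five windows of five lines.  Windows 0, 1 and 4 are a
# normal mix; window 2 is a benign burst of a common template (an entropy-only
# detector flags it, a false positive); window 3 is a burst of a template seen
# nowhere else in the log (the alert we want to keep).
SAMPLE_LOG = [
    "sshd[101]: Accepted publickey for user1 from 10.0.0.5 port 5011",
    "cron[202]: job 17 finished in 3 ms",
    "kernel: eth0: link is up at 1000 Mbps",
    "sshd[102]: Accepted publickey for user2 from 10.0.0.6 port 5012",
    "cron[203]: job 18 finished in 4 ms",
    "kernel: eth0: link is up at 1000 Mbps",
    "sshd[103]: Accepted publickey for user3 from 10.0.0.7 port 5013",
    "cron[204]: job 19 finished in 2 ms",
    "sshd[104]: Accepted publickey for user4 from 10.0.0.8 port 5014",
    "cron[205]: job 20 finished in 5 ms",
    *[f"cron[{206 + k}]: job {21 + k} finished in 3 ms" for k in range(5)],
    *[f"kernel: Out of memory: Killed process {3001 + k} (java)" for k in range(5)],
    "sshd[105]: Accepted publickey for user5 from 10.0.0.9 port 5015",
    "cron[211]: job 26 finished in 3 ms",
    "kernel: eth0: link is up at 1000 Mbps",
    "sshd[106]: Accepted publickey for user6 from 10.0.0.10 port 5016",
    "cron[212]: job 27 finished in 4 ms",
]

_NUM = re.compile(r"0x[0-9a-f]+|\d+", re.IGNORECASE)


def template(line: str) -> str:
    """Assumed clustering: mask numeric fields so similar lines share a key."""
    return _NUM.sub("#", line)


def entropy_bits(counts: Counter) -> float:
    """Shannon entropy, in bits, of a cluster-frequency distribution."""
    n = sum(counts.values())
    return -sum(c / n * math.log2(c / n) for c in counts.values() if c)


def windows(lines, size):
    return [lines[i:i + size] for i in range(0, len(lines), size)]


def window_entropies(lines, size=5):
    return [entropy_bits(Counter(template(l) for l in w)) for w in windows(lines, size)]


def entropy_alerts(lines, size=5, delta=1.0):
    """Entropy-only detector: flag a window whose cluster entropy departs from
    the median window entropy by more than `delta` bits (a burst of one
    template, or an unusually scattered window, both trip it)."""
    ents = window_entropies(lines, size)
    base = median(ents)
    return [i for i, h in enumerate(ents) if abs(h - base) > delta]


def membership_surprisal(line, baseline_counts, baseline_n):
    """Stand-in membership score: -log2 of the smoothed probability that this
    line's template occurs in the baseline (the rest of the log).  Add-one
    smoothing keeps an unseen template finite but scores it highest."""
    c = baseline_counts.get(template(line), 0)
    return -math.log2((c + 1) / (baseline_n + 1))


def alerts(lines, size=5, delta=1.0, min_surprisal=3.0):
    """Combined detector: keep an entropy alert only if some line in the
    window belongs to a cluster that is rare outside that window."""
    ws = windows(lines, size)
    kept = []
    for i in entropy_alerts(lines, size, delta):
        rest = [l for j, w in enumerate(ws) if j != i for l in w]
        counts = Counter(template(l) for l in rest)
        top = max(membership_surprisal(l, counts, len(rest)) for l in ws[i])
        if top >= min_surprisal:
            kept.append((i, round(top, 2), ws[i][0]))
    return kept


if __name__ == "__main__":
    print("entropy-only windows:", entropy_alerts(SAMPLE_LOG))
    print("after membership filter:", alerts(SAMPLE_LOG))
```

On the constructed log the entropy-only rule flags windows 2 and 3 (both have zero entropy against a median of about 1.52 bits), while the membership filter keeps only window 3, whose OOM template never appears elsewhere. The point is the one the abstract makes: lowering the entropy threshold far enough to catch every alert also admits benign bursts, and a second score tied to cluster rarity is one way to discard them.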