Title :
Investigating event log analysis with minimum apriori information
Author :
Makanju, Adetokunbo ; Zincir-Heywood, A. Nur ; Milios, Evangelos E.
Author_Institution :
Fac. of Comput. Sci., Dalhousie Univ., Halifax, NS, Canada
Abstract :
This thesis proposes a hybrid log alert detection scheme that combines anomaly detection with signature generation. Unlike previous work, only minimal a priori knowledge of the system being analysed is assumed, which improves the portability of the framework across platforms. The anomaly detection component works bottom-up on the contents of historical system log data to identify regions of the log that contain anomalous (alert) behaviour. After inspection by a human administrator through a visualization system, the identified anomalous regions are passed to the signature generation component, which mines them for patterns. Future occurrences of the underlying alert can then be detected on a production system using the discovered patterns. The combination of anomaly detection and signature generation, which is novel compared to previous work, yields a framework that is accurate while still being able to detect new and unknown alerts.
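The following is an added illustration of the three-stage pipeline the abstract describes (bottom-up anomaly detection over historical log windows, pattern mining on the flagged windows, and signature matching on production logs); it is not the authors' implementation and the concrete choices are assumptions made here: templates are obtained by masking every numeric or hex token so that no log format needs to be known up front, a window's anomaly score is its mean surprisal (-log P(template)) with P estimated over the whole history, a window is flagged when its score exceeds mean + 2 std, and signatures are mined with a small Apriori pass over the flagged windows (templates as items), keeping only minimal itemsets that never occur in a normal window. The human-inspection step is replaced by accepting every flagged window. All log lines are constructed sample data.

```python
"""Toy hybrid log alert detector (illustration only, not the thesis code):
frequency-based anomaly detection over fixed-size log windows, Apriori-style
signature mining on the flagged windows, signature matching on new lines."""
import math
import re
from collections import Counter
from itertools import combinations

NUM = re.compile(r"0x[0-9a-fA-F]+|\d+")


def template(line: str) -> str:
    """Format-agnostic event template: every number or hex token becomes '*'.
    This is the only parsing done, so no knowledge of the log format is assumed."""
    return NUM.sub("*", line)


def windows(lines, size):
    """Split a line sequence into consecutive windows of template lists."""
    tpls = [template(line) for line in lines]
    return [tpls[i:i + size] for i in range(0, len(tpls), size)]


def anomaly_scores(wins):
    """Per-window mean surprisal, -log P(template), with P estimated over the
    whole historical log. Windows dominated by rare templates score high."""
    total = Counter(tpl for w in wins for tpl in w)
    n = sum(total.values())
    return [sum(-math.log(total[tpl] / n) for tpl in w) / len(w) for w in wins]


def flag_anomalous(scores, k=2.0):
    """Bottom-up threshold (assumed): score above mean + k*std marks a window anomalous."""
    mean = sum(scores) / len(scores)
    std = math.sqrt(sum((s - mean) ** 2 for s in scores) / len(scores))
    return [i for i, s in enumerate(scores) if s > mean + k * std]


def mine_signatures(wins, anomalous, min_sup=1, max_len=2):
    """Apriori over windows as transactions and templates as items. A signature
    must reach min_sup in the anomalous windows, must never occur in a normal
    window (so it discriminates), and must be minimal (no shorter signature)."""
    anom = [frozenset(wins[i]) for i in anomalous]
    norm = [frozenset(w) for i, w in enumerate(wins) if i not in anomalous]

    def support(itemset):
        return sum(itemset <= w for w in anom)

    level = [frozenset([t]) for t in set().union(*anom)]
    frequent = []
    for _ in range(max_len):
        level = [s for s in level if support(s) >= min_sup]
        frequent += level
        # Apriori join step: merge frequent itemsets that differ by one item
        level = list({a | b for a, b in combinations(level, 2) if len(a | b) == len(a) + 1})
    discriminative = [s for s in frequent if not any(s <= w for w in norm)]
    return [s for s in discriminative if not any(o < s for o in discriminative)]


def detect(lines, signatures, size):
    """Production-side check: report windows containing any signature itemset."""
    hits = []
    for idx, w in enumerate(windows(lines, size)):
        present = frozenset(w)
        matched = [s for s in signatures if s <= present]
        if matched:
            hits.append((idx, matched))
    return hits


# Constructed sample data (not from the thesis): three routine event types and
# a burst of disk errors placed in window 5 (lines 25-27 of the 40-line history).
NORMAL_TEMPLATES = [
    "Jan 1 00:00:{s:02d} host sshd[{p}]: Accepted publickey for alice from 10.0.0.{p}",
    "Jan 1 00:00:{s:02d} host cron[{p}]: (root) CMD (run-parts /etc/cron.hourly)",
    "Jan 1 00:00:{s:02d} host systemd[1]: Started Session {p} of user alice.",
]
ERROR_LINES = [
    "Jan 1 00:00:25 host kernel: EXT4-fs error (device sda1): ext4_find_entry:1455: inode #8321: reading directory lblock 0",
    "Jan 1 00:00:26 host kernel: sd 0:0:0:0: [sda] Unrecovered read error - auto reallocate failed",
    "Jan 1 00:00:27 host kernel: Buffer I/O error on dev sda1, logical block 4096, lost async page write",
]
PRODUCTION = [
    "Jan 9 13:07:41 host cron[2210]: (root) CMD (run-parts /etc/cron.hourly)",
    "Jan 9 13:07:42 host kernel: sd 0:0:0:0: [sda] Unrecovered read error - auto reallocate failed",
    "Jan 9 13:07:43 host sshd[2215]: Accepted publickey for alice from 10.0.0.7",
]


def constructed_history():
    """Constructed 40-line history: 8 windows of 5 lines, errors in window 5."""
    lines = [NORMAL_TEMPLATES[k % 3].format(s=k, p=1000 + k) for k in range(40)]
    lines[25:28] = ERROR_LINES
    return lines


def run_demo(size=5):
    """Full pipeline: flag anomalous windows, mine signatures, scan production log."""
    wins = windows(constructed_history(), size)
    anomalous = flag_anomalous(anomaly_scores(wins))
    sigs = mine_signatures(wins, anomalous)
    return anomalous, sigs, detect(PRODUCTION, sigs, size)


if __name__ == "__main__":
    flagged, sigs, hits = run_demo()
    print("anomalous windows:", flagged)
    for s in sigs:
        print("signature:", sorted(s))
    print("production hits:", hits)
```

Two caveats a practitioner should keep in mind with this toy. First, the numeric-masking templater still treats non-numeric variable fields (month names, hostnames, usernames) as literals, so a signature mined from "Jan" lines would not fire on "Feb" lines; a real deployment needs a slightly richer tokenizer, which is exactly the kind of a priori knowledge the thesis tries to keep to a minimum. Second, the mean + 2 std rule assumes anomalous windows are rare; if they dominate the history they raise the threshold and hide themselves, so a robust statistic or the administrator's inspection step is what keeps the anomaly stage honest.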
Keywords :
digital signatures; anomalous regions; anomaly detection component; human administrator; hybrid log alert detection scheme; investigating event log analysis; minimum Apriori information; platform portability; signature generation component; visualization system; Computers; Data mining; Data visualization; Itemsets; Monitoring; Production systems; Semantics; Algorithms; Modeling and Assessment; Networked Systems; System Management;
Conference_Titel :
Integrated Network Management (IM 2013), 2013 IFIP/IEEE International Symposium on
Conference_Location :
Ghent
Print_ISBN :
978-1-4673-5229-1