We address the problem of anomaly detection in log files that consist of a huge number of records. To achieve this, we demonstrate label propagation as a semi-supervised learning technique. The strength of this approach lies in the small amount of labelled data that is needed to label the remaining data. This is an advantage because labelling data requires human expertise, which comes at a high cost and becomes infeasible for big datasets. Even though our approach is generally applicable, we focus on the detection of anomalous records in firewall log files. This requires splitting the records into windows, which are compared using different distance functions to determine their similarity. Afterwards, we apply label propagation to label a complete dataset in only a limited number of iterations. We demonstrate our approach on a realistic dataset from an ISP.
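The following is an added illustration of the pipeline the abstract describes (windowing, distance functions, label propagation); it is not the paper's code and is not drawn from the ISP dataset. It assumes a constructed key=value firewall log format, summarises each fixed-size window as a histogram of (action, proto, dport) counts, offers two distance functions (normalised L1 on the histograms and Jaccard on the key sets), turns distances into edge weights with a Gaussian kernel of assumed width sigma, and runs the clamped-seed form of label propagation in which only two of the six windows carry an analyst-provided label.

```python
"""Label propagation over windows of firewall log records (added example, not the paper's code)."""
import math
import re
from collections import Counter
from typing import Callable, Dict, List, Tuple

Histogram = Counter  # Counter[(action, proto, dport)] -> count within one window


def _line(action: str, src: str, dport: int) -> str:
    # Constructed log format; real firewall logs differ and need their own parser.
    return f"{action} src={src} dst=203.0.113.10 dport={dport} proto=TCP"


# Constructed sample log (not real traffic). Windows 0-2 and 5 are ordinary web
# traffic; windows 3-4 show one source hitting many service ports and being dropped.
LOG_LINES: List[str] = (
    [_line("ACCEPT", "10.0.0.5", p) for p in (443, 443, 443, 80)]      # window 0
    + [_line("ACCEPT", "10.0.0.6", p) for p in (443, 80, 443, 80)]     # window 1
    + [_line("ACCEPT", "10.0.0.7", p) for p in (443, 443, 443, 443)]   # window 2
    + [_line("DROP", "198.51.100.7", p) for p in (22, 23, 3389, 445)]  # window 3
    + [_line("DROP", "198.51.100.7", p) for p in (22, 445, 21, 135)]   # window 4
    + [_line("ACCEPT", "10.0.0.5", p) for p in (443, 443, 80, 443)]    # window 5
)

RECORD_RE = re.compile(
    r"(?P<action>\w+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) proto=(?P<proto>\w+)"
)


def parse_records(lines: List[str]) -> List[dict]:
    """Parse each log line into a dict of fields; lines that do not match are skipped."""
    return [m.groupdict() for m in map(RECORD_RE.match, lines) if m]


def window_histograms(records: List[dict], size: int) -> List[Histogram]:
    """Split records into consecutive windows of `size`, each summarised as key counts."""
    return [Counter((r["action"], r["proto"], r["dport"]) for r in records[i:i + size])
            for i in range(0, len(records), size)]


def l1_distance(a: Histogram, b: Histogram) -> float:
    """Normalised L1 distance between two count histograms, in [0, 1]."""
    keys = set(a) | set(b)
    return sum(abs(a[k] - b[k]) for k in keys) / (sum(a.values()) + sum(b.values()))


def jaccard_distance(a: Histogram, b: Histogram) -> float:
    """1 minus the Jaccard similarity of the sets of keys seen in each window."""
    ka, kb = set(a), set(b)
    return 1.0 - len(ka & kb) / len(ka | kb)


def label_propagation(items: list, seeds: Dict[int, int], distance: Callable,
                      sigma: float = 0.5, max_iter: int = 100, tol: float = 1e-6
                      ) -> Tuple[List[float], int]:
    """Propagate seed labels (+1 anomalous / -1 normal) to every item.

    Edge weight between items i and j is exp(-(d_ij / sigma)^2). Each unlabelled item
    repeatedly takes the weight-averaged score of all other items; seeds stay clamped.
    Returns (scores, iterations_used); the update is a contraction, so it converges.
    """
    n = len(items)
    weights = [[0.0 if i == j else math.exp(-(distance(items[i], items[j]) / sigma) ** 2)
                for j in range(n)] for i in range(n)]
    scores = [float(seeds.get(i, 0.0)) for i in range(n)]
    iterations = 0
    for iterations in range(1, max_iter + 1):
        updated = []
        for i in range(n):
            if i in seeds:
                updated.append(float(seeds[i]))  # labelled windows are never overwritten
                continue
            total = sum(weights[i])
            updated.append(sum(w * s for w, s in zip(weights[i], scores)) / total if total else 0.0)
        change = max(abs(u - s) for u, s in zip(updated, scores))
        scores = updated
        if change < tol:
            break
    return scores, iterations


def detect_anomalous_windows(lines: List[str], seeds: Dict[int, int], window_size: int = 4,
                             distance: Callable = l1_distance) -> Tuple[List[int], List[float], int]:
    """Label every window +1 (anomalous), -1 (normal) or 0 (no seed influence reached it)."""
    hists = window_histograms(parse_records(lines), window_size)
    scores, iterations = label_propagation(hists, seeds, distance)
    labels = [1 if s > 0 else -1 if s < 0 else 0 for s in scores]
    return labels, scores, iterations


if __name__ == "__main__":
    seeds = {0: -1, 3: +1}  # an analyst labelled only two of the six windows
    for name, dist in (("L1", l1_distance), ("Jaccard", jaccard_distance)):
        labels, scores, its = detect_anomalous_windows(LOG_LINES, seeds, distance=dist)
        print(name, labels, [round(s, 2) for s in scores], f"{its} iterations")
```

Both distance functions label windows 1, 2 and 5 as normal and window 4 as anomalous from the two seeds alone. The kernel width sigma controls how far a label reaches: too large and the anomalous seed bleeds into normal windows, too small and windows far from every seed keep a score near zero, which is why the code reports 0 rather than guessing for such windows.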