Publication type: | Conference: Paper |
Type of review: | Peer review (publication) |
Title: | Histogram matrix : log file visualization for anomaly detection |
Author(s): | Frei, Adrian; Rennhard, Marc |
DOI: | 10.1109/ARES.2008.148 |
Proceedings: | Proceedings of the Third International Conference on Availability, Security and Reliability (ARES 2008) |
Page(s): | 610 |
Pages to: | 617 |
Conference details: | Third International Conference on Availability, Security and Reliability (ARES 2008), Barcelona, Spain, 4-7 March 2008 |
Publication date: | 2008 |
Publisher / Ed. Institution: | IEEE |
ISBN: | 978-0-7695-3102-1 |
Language: | English |
Keywords: | Histograms; Humans; Intrusion detection; Information technology; Data visualization; Event detection; Availability; Information security; Information analysis; Data security |
Subject (DDC): | 005: Computer programming, programs and data |
Abstract: | In today's IT environments, there is an ever-increasing demand for log file analysis solutions. Log files often contain important information about possible incidents, but inspecting the often large amounts of textual data is too time-consuming and tedious a task to perform manually. To address this issue, we propose a novel log file visualization technique called Histogram Matrix (HMAT). HMAT visualizes the content of a log file in order to enable a security administrator to efficiently spot anomalies. The system uses a combination of graphical and statistical techniques and allows even non-experts to interactively search for anomalous log messages. Contrary to other approaches, our proposal does not only work on certain special kinds of log files, but instead works on almost every textual log file. Additionally, the system allows security events to be generated automatically if an anomaly is detected, similar to anomaly-based intrusion detection systems. This paper introduces HMAT, demonstrates its functionality using log files from a variety of services in real environments, and identifies strengths and limitations of the technique. |
URI: | https://digitalcollection.zhaw.ch/handle/11475/1755 |
Full-text version: | Published version |
License (according to publishing contract): | License according to publishing contract |
Department: | School of Engineering |
Organisational unit: | Institut für Informatik (InIT) |
Appears in collections: | Publications School of Engineering |
Files in this item:
There are no files associated with this item.
Frei, A., & Rennhard, M. (2008). Histogram matrix : log file visualization for anomaly detection [Conference paper]. Proceedings of the Third International Conference on Availability, Security and Reliability (ARES 2008), 610–617. https://doi.org/10.1109/ARES.2008.148
All resources in this repository are protected by copyright unless otherwise indicated.