Titel: Histogram matrix : log file visualization for anomaly detection
Autoren: Frei, Adrian
Rennhard, Marc
Tagungsband: Proceedings of the Third International Conference on Availability, Security and Reliability (ARES 2008)
Seiten: 610
Angaben zur Konferenz: Third International Conference on Availability, Security and Reliability (ARES 2008), Barcelona, Spain, March 4-7, 2008
Verlag / Hrsg. Institution: IEEE
Erscheinungsdatum: 2008
Lizenz (gemäss Verlagsvertrag): Lizenz gemäss Verlagsvertrag
Art der Begutachtung: Keine Angabe
Sprache: Englisch
Schlagwörter: Histograms; Humans; Intrusion detection; Information technology; Data visualization; Event detection; Availability; Information security; Information analysis; Data security
Fachgebiet (DDC): 005: Computerprogrammierung, Programme und Daten
Zusammenfassung: In today's IT environments, there is an ever increasing demand for log file analysis solutions. Log files often contain important information about possible incidents, but inspecting the often large amounts of textual data is too time-consuming and tedious a task to perform manually. To address this issue, we propose a novel log file visualization technique called Histogram Matrix (HMAT). HMAT visualizes the content of a log file in order to enable a security administrator to efficiently spot anomalies. The system uses a combination of graphical and statistical techniques and allows even non-experts to interactively search for anomalous log messages. Contrary to other approaches, our proposal does not only work on certain special kinds of log files, but instead works on almost every textual log file. Additionally, the system allows to automatically generate security events if an anomaly is detected, similar to anomaly-based intrusion detection systems. This paper introduces HMAT, demonstrates its functionality using log files from a variety of services in real environments, and identifies strengths and limitations of the technique.
Departement: School of Engineering
Organisationseinheit: Institut für Angewandte Informationstechnologie (InIT)
Publikationstyp: Konferenz: Paper
DOI: 10.1109/ARES.2008.148
ISBN: 978-0-7695-3102-1
URI: https://digitalcollection.zhaw.ch/handle/11475/1755
Enthalten in den Sammlungen:Publikationen School of Engineering

Dateien zu dieser Ressource:
Es gibt keine Dateien zu dieser Ressource.

Alle Ressourcen in diesem Repository sind urheberrechtlich geschützt, soweit nicht anderweitig angezeigt.