Full metadata record
| DC Field | Value | Language |
|---|---|---|
| dc.contributor.author | Frei, Adrian | - |
| dc.contributor.author | Rennhard, Marc | - |
| dc.date.accessioned | 2017-12-13T13:33:08Z | - |
| dc.date.available | 2017-12-13T13:33:08Z | - |
| dc.date.issued | 2008 | - |
| dc.identifier.isbn | 978-0-7695-3102-1 | de_CH |
| dc.identifier.uri | https://digitalcollection.zhaw.ch/handle/11475/1755 | - |
| dc.description.abstract | In today's IT environments, there is an ever increasing demand for log file analysis solutions. Log files often contain important information about possible incidents, but inspecting the often large amounts of textual data is too time-consuming and tedious a task to perform manually. To address this issue, we propose a novel log file visualization technique called Histogram Matrix (HMAT). HMAT visualizes the content of a log file in order to enable a security administrator to efficiently spot anomalies. The system uses a combination of graphical and statistical techniques and allows even non-experts to interactively search for anomalous log messages. Contrary to other approaches, our proposal does not only work on certain special kinds of log files, but instead works on almost every textual log file. Additionally, the system allows to automatically generate security events if an anomaly is detected, similar to anomaly-based intrusion detection systems. This paper introduces HMAT, demonstrates its functionality using log files from a variety of services in real environments, and identifies strengths and limitations of the technique. | de_CH |
| dc.language.iso | en | de_CH |
| dc.publisher | IEEE | de_CH |
| dc.rights | Licence according to publishing contract | de_CH |
| dc.subject | Histograms | de_CH |
| dc.subject | Humans | de_CH |
| dc.subject | Intrusion detection | de_CH |
| dc.subject | Information technology | de_CH |
| dc.subject | Data visualization | de_CH |
| dc.subject | Event detection | de_CH |
| dc.subject | Availability | de_CH |
| dc.subject | Information security | de_CH |
| dc.subject | Information analysis | de_CH |
| dc.subject | Data security | de_CH |
| dc.subject.ddc | 005: Computer programming, programs and data | de_CH |
| dc.title | Histogram matrix : log file visualization for anomaly detection | de_CH |
| dc.type | Conference: Paper | de_CH |
| dcterms.type | Text | de_CH |
| zhaw.departement | School of Engineering | de_CH |
| zhaw.organisationalunit | Institut für Angewandte Informationstechnologie (InIT) | de_CH |
| dc.identifier.doi | 10.1109/ARES.2008.148 | de_CH |
| zhaw.conference.details | Third International Conference on Availability, Security and Reliability (ARES 2008), Barcelona, Spain, March 4-7, 2008 | de_CH |
| zhaw.funding.eu | No | de_CH |
| zhaw.originated.zhaw | Yes | de_CH |
| zhaw.pages.start | 610 | de_CH |
| zhaw.publication.status | publishedVersion | de_CH |
| zhaw.publication.review | Not specified | de_CH |
| zhaw.title.proceedings | Proceedings of the Third International Conference on Availability, Security and Reliability (ARES 2008) | de_CH |
| zhaw.webfeed | Information Security | de_CH |
Appears in Collections: Publikationen School of Engineering

Files in This Item:
There are no files associated with this item.

