Filtering events using clustering in heterogeneous security logs

Log files are rich sources of information exhibiting the actions performed during the usage of a computer system in our daily work. In this study we concentrate on parsing/isolating logs from different sources and then clustering the logs using a data mining tool (Weka) to filter the unwanted entries in the logs, which will greatly help in correlating the events from different logs. Unfortunately, parsing heterogeneous logs to extract the attribute values becomes tedious, since every type of log is stored in a proprietary format. We propose a framework that has the ability to parse and isolate a variety of logs, followed by clustering the logs to identify and remove unneeded entries. Experiments involving a range of logs reveal that clustering has the capacity to group log entries with a higher degree of accuracy, thereby assisting in correctly identifying the entries to be removed.

Bibliographic Details
Main Authors: Hajamydeen, Asif Iqbal, Udzir, Nur Izura, Mahmod, Ramlan, Abd Ghani, Abdul Azim
Format: Article
Language: English
Published: Asian Network for Scientific Information 2011
Online Access: http://psasir.upm.edu.my/id/eprint/22453/1/Filtering%20events%20using%20clustering%20in%20heterogeneous%20security%20logs.pdf
http://psasir.upm.edu.my/id/eprint/22453/
http://scialert.net/abstract/?doi=itj.2011.798.806
Journal: Information Technology Journal, 10 (4), pp. 798-806
ISSN: 1812-5638; ESSN: 1812-5646
DOI: 10.3923/itj.2011.798.806
Status: Peer reviewed
Institution: Universiti Putra Malaysia, UPM Institutional Repository (http://psasir.upm.edu.my/)