Rough Logs: A Data Reduction Approach for Log Files

Cited by: 3
Authors
Meinig, Michael [1]
Troeger, Peter [2]
Meinel, Christoph [1]
Affiliations
[1] Univ Potsdam, Hasso Plattner Inst HPI, D-14482 Potsdam, Germany
[2] Beuth Univ Appl Sci, D-13353 Berlin, Germany
Source
PROCEEDINGS OF THE 21ST INTERNATIONAL CONFERENCE ON ENTERPRISE INFORMATION SYSTEMS (ICEIS 2019), VOL 2 | 2019
Keywords
Log Files; Anomaly Detection; Rough Sets; Uncertainty; Security; PATTERNS;
DOI
10.5220/0007735102950302
CLC classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
Modern scalable information systems produce a constant stream of log records describing their activities and current state. This data is increasingly used for online anomaly analysis, so that dependability problems such as security incidents can be detected while the system is running. Because many such systems scale continuously, the volume of processed log data is a significant factor in the choice of any anomaly detection approach. We therefore present a new idea for log data reduction called 'rough logs'. It uses rough set theory to reduce the number of attributes collected in log data to represent events in the system. We tested the approach in a large case study; the experiments showed that the data reduction possibilities proposed by our approach remain valid even when the log information is modified by anomalies occurring in the system.
Pages: 295 / 302
Page count: 8