Queen's University - Utility Bar

QSpace at Queen's University >
Theses, Dissertations & Graduate Projects >
Queen's Theses & Dissertations >

Please use this identifier to cite or link to this item: http://hdl.handle.net/1974/1217

Title: Log File Categorization and Anomaly Analysis Using Grammar Inference
Authors: Memon, Ahmed Umar

Files in This Item:

File Description SizeFormat
Memon_Ahmed_U_200805_MSC.pdf819.66 kBAdobe PDFView/Open
Keywords: Anomaly analysis
Log file analysis
Log categorization
Grammar inference
Log file reporting
Robust parsing
Island grammars
Program comprehension
Issue Date: 2008
Series/Report no.: Canadian theses
Abstract: In the information age of today, vast amounts of sensitive and confidential data is exchanged over an array of different mediums. Accompanied with this phenomenon is a comparable increase in the number and types of attacks to acquire this information. Information security and data consistency have hence, become quintessentially important. Log file analysis has proven to be a good defense mechanism as logs provide an accessible record of network activities in the form of server generated messages. However, manual analysis is tedious and prohibitively time consuming. Traditional log analysis techniques, based on pattern matching and data mining approaches, are ad hoc and cannot readily adapt to different kinds of log files. The goal of this research is to explore the use of grammar inference for log file analysis in order to build a more adaptive, flexible and generic method for message categorization, anomaly detection and reporting. The grammar inference process employs robust parsing, islands grammars and source transformation techniques. We test the system by using three different kinds of log file training sets as input and infer a grammar and generate message categories for each set. We detect anomalous messages in new log files using the inferred grammar as a catalog of valid traces and present a reporting program to extract the instances of specified message categories from the log files.
Description: Thesis (Master, Computing) -- Queen's University, 2008-05-22 14:12:30.199
URI: http://hdl.handle.net/1974/1217
Appears in Collections:Computing Graduate Theses
Queen's Theses & Dissertations

Items in QSpace are protected by copyright, with all rights reserved, unless otherwise indicated.

 

  DSpace Software Copyright © 2002-2008  The DSpace Foundation - TOP