
Beehive: large-scale log analysis for detecting suspicious activity in enterprise networks

Ting-Fang Yen, RSA Laboratories, Cambridge, MA, USA (tingfang.yen@rsa.com)
Alina Oprea, RSA Laboratories, Cambridge, MA, USA (aoprea@rsa.com)
Kaan Onarlioglu, Northeastern University, Boston, MA, USA (onarliog@ccs.neu.edu)
Todd Leetham, EMC Corp, Hopkinton, MA, USA (todd.leetham@emc.com)
William Robertson, Northeastern University, Boston, MA, USA (wkr@ccs.neu.edu)
Ari Juels, RSA Laboratories, Cambridge, MA, USA (ajuels@rsa.com)
Engin Kirda, Northeastern University, Boston, MA, USA

ABSTRACT

As more and more Internet-based attacks arise, organizations are responding by deploying an assortment of security products that generate situational intelligence in the form of logs. These logs often contain high volumes of interesting and useful information about activities in the network, and are among the first data sources that information security specialists consult when they suspect that an attack has taken place. However, security products often come from a patchwork of vendors, and are inconsistently installed and administered. They generate logs whose formats differ widely and that are often incomplete, mutually contradictory, and very large in volume. Hence, although this collected information is useful, it is often dirty. We present a novel system, Beehive, that attacks the problem of automatically mining and extracting knowledge from the dirty log data produced


Association for Computing Machinery — Dec 9, 2013


References (41)

Datasource: Association for Computing Machinery
Copyright: Copyright © 2013 by ACM Inc.
ISBN: 978-1-4503-2015-3
DOI: 10.1145/2523649.2523670

