A hybrid approach for log signature generation

Applied Computing and Informatics, Volume 19 (1/2): 14 – Jan 12, 2023

Abstract

Analysis of log messages is very important for identifying suspicious system and network activity. This analysis requires the correct extraction of variable entities, which are extracted by comparing log messages against log patterns. Each of these log patterns can be represented as a log signature. In this paper, we present a hybrid approach for log signature extraction. The approach consists of two modules: the first identifies log patterns by generating log clusters, and the second uses Named Entity Recognition (NER) to extract signatures from the extracted log clusters. Experiments were performed on event logs from the Windows operating system, Exchange and Unix, and the results were validated by comparing the signatures and the variable entities against the standard log documentation. The outcome of the experiments was that the extracted signatures were ready to be used with a high degree of accuracy.
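As an added illustration of the two-module pipeline the abstract describes (cluster similar log lines, then type the varying positions as entities and emit a signature), this is not the paper's code: the paper uses density-based clustering and an SVM-based NER, whereas this stand-in uses a greedy positional-similarity clustering and regex entity typing, and the log lines are constructed.

```python
import re

SAMPLE_LOGS = [  # constructed sample log lines, not taken from the paper
    "Accepted password for alice from 10.0.0.5 port 51022 ssh2",
    "Accepted password for bob from 10.0.0.9 port 40311 ssh2",
    "Failed password for root from 192.168.1.20 port 2222 ssh2",
    "Failed password for admin from 192.168.1.21 port 2223 ssh2",
    "session opened for user alice by (uid=0)",
    "session opened for user bob by (uid=1001)",
]

def entity_type(token):
    """Stand-in for the paper's NER module: regex-typed entities, checked in order."""
    for name, pattern in (("IP", r"^\d{1,3}(?:\.\d{1,3}){3}$"),
                          ("UID", r"^\(uid=\d+\)$"), ("NUM", r"^\d+$")):
        if re.match(pattern, token):
            return name
    return "STR"  # anything unrecognised (user names, hosts, ...) is a plain string

def similarity(a, b):
    """Fraction of positions where two token lists agree; 0 if lengths differ or empty."""
    return sum(x == y for x, y in zip(a, b)) / len(a) if a and len(a) == len(b) else 0.0

def cluster_logs(lines, threshold=0.6):
    """Stand-in for the clustering module: greedy single pass over the lines."""
    clusters = []
    for line in lines:
        toks = line.split()
        for members in clusters:  # join the first cluster that is close enough
            if similarity(members[0], toks) >= threshold:
                members.append(toks)
                break
        else:
            clusters.append([toks])
    return clusters

def signature(members):
    """Constant tokens stay literal; positions that vary become <TYPE> slots."""
    out = []
    for column in zip(*members):
        if len(set(column)) == 1:
            out.append(column[0])
        else:  # the majority entity label across the cluster types the slot
            types = [entity_type(t) for t in column]
            out.append("<%s>" % max(set(types), key=types.count))
    return " ".join(out)

def extract_signatures(lines):
    """Map each extracted signature to the number of log lines it covers."""
    return {signature(c): len(c) for c in cluster_logs(lines)}
```

The threshold keeps "Accepted" and "Failed" lines in separate clusters (5 of 9 tokens agree) while lines that differ only in their variable entities collapse into one signature.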

Publisher: Emerald Publishing
Copyright: © Prabhat Pokharel, Roshan Pokhrel and Basanta Joshi
ISSN: 2634-1964
eISSN: 2210-8327
DOI: 10.1016/j.aci.2019.05.002

Journal

Applied Computing and Informatics, Emerald Publishing

Published: Jan 12, 2023

Keywords: Log message; Named entity recognition; Density-based spatial clustering; Similarity measure; Support vector machine
