Investigating event log analysis with minimum apriori information


Full description

Bibliographic details
Main authors: Makanju, Adetokunbo; Zincir-Heywood, A. Nur; Milios, Evangelos E.
Format: Conference paper
Language: eng
Description
Summary: This thesis proposes a hybrid log alert detection scheme, which incorporates anomaly detection and signature generation to accomplish its goal. Unlike previous work, minimum a priori knowledge of the system being analyzed is assumed. This assumption enhances the platform portability of the framework. The anomaly detection component works in a bottom-up manner on the contents of historical system log data to detect regions of the log which contain anomalous (alert) behaviour. The identified anomalous regions (after inspection by a human administrator through a visualization system) are then passed to the signature generation component, which mines them for patterns. Consequently, future occurrences of the underlying alert in the anomalous log region can be detected on a production system using the discovered patterns. The combination of anomaly detection and signature generation, which is novel when compared to previous work, ensures that a framework which is accurate while still being able to detect new and unknown alerts is attained.
ISSN:1573-0077