Smart Log Data Analytics
portes grátis
Smart Log Data Analytics
Techniques for Advanced Security Analysis
Wurzenberger, Markus; Skopik, Florian; Landauer, Max
Springer Nature Switzerland AG
08/2021
208
Dura
Inglês
9783030744496
15 a 20 dias
506
Descrição não disponível.
I1.- Introduction.- 1.1 State of the art in security monitoring and anomaly detection.- 1.2 Current trends.- 1.3. future challenges.- 1.4 Log data analysis: today and tomorrow.- 1.5 Smart log data analytics: Structure of the book.- 1.6 Try it out: Hands-on examples throughout the book.- 2 Survey on log clustering approaches.- 2.1 Introduction. 2.2 Survey background.- 2.1 The nature of log data. 2.2 Static clustering.- 2.3 Dynamic clustering.- 2.4 Applications in the security domain.- 2.3 Survey method.- 2.3.1 Set of criteria.- 2.3.2 Literature search.- 2.4 Survey results.- 2.4.1 Purpose and applicability (P).- 2.4.2 Clustering techniques (C).- 2.4.3 Anomaly detection (AD).- 2.4.4 Evaluation (E). 2.4.5 Discussion.- 2.5 Conclusion.- 3 Incremental log data clustering for processing large amounts of data online.- 3.1 Introduction.- 3.2 Concept for incremental clustering.- 3.2.1 Incremental clustering.- 3.2.2 Description of model.- 3.2.3 String metrics.- 3.2.4 Description of model M1.-- 3.2.5 Time series analysis.- 3.3 Outlook and further development.- 3.4 Try it out.- 3.4.1 Exim Mainlog.- 3.4.2 Messages log file.- 4 Generating character-based templates for log data.- 4.1 Introduction.- 4.2 Concept for generating character-based templates.- 4.3 Cluster template generator algorithms4.3.1 Initial matching.- 4.3.2 Merge algorithm.-4.3.3 Length algorithm.- 4.3.4 Equalmerge algorithm.- 4.3.5 Token_char algorithm.- 4.3.6 Comparison.- 4.4 Outlook and further development.- 4.5 Try it out .- 4.5.1 Exim Mainlog.- 5 Time series analysis for temporal anomaly detection5.1 Introduction.- 5.2 Concept for dynamic clustering and AD.- 5.3 Cluster evolution.- 5.3.1 Clustering model.- 5.3.2 Tracking.- 5.3.3 Transitions.- 5.3.4 Evolution metrics .- 5.4 Time series analysis.- 5.4.1 Model.- 5.4.2 Forecast.- 5.4.3 Correlation.- 5.4.4 Detection.- 5.5 Example.- 5.5.1 Long-term analysis of Suricata logs.- 5.5.2 Short-term analysis of Audit logs.- 6 AECID: A light-weight log analysis approach for online anomaly detection.- 6.1 Introduction.- 6.2 The AECID approach.- 6.2.1 AMiner.- 6.2. AECID central.- 6.2. Detecting anomalies.- 6.2. Rule generator.- 6.2. Correlation engine.- 6.2. Detectable anomalies.- 6. System deployment and operation.- 6. Application scenarios.- 6. Try it out.- 6.5.1 Configuration of the AMiner for AIT-LDSv1. - 6.5.2 Apache Access logs.- 6.5.3 Exim Mainlog file.- 6.5.4 Audit logs.- 7. A concept for a tree-based log parser generator.- 7.1 Introduction.- 7.2 Tree-based parser concept.- 7.3 AECID-PG: tree-based log parser generator.- 7.3.1 Challenges when generating tree-like parsers.- 7.3.2 AECID-PG concept.- 7.3.3 AECID-PG rules.- 7.3.4 Features.- 7.4 Outlook and further application.- 7.5 Try it out.- 7.5.1 Exim Mainlog.- 7.5.2 Audit logs.- 8 Variable type detector for statistical analysis of log tokens.- 8.1 Introduction.-.-8.2 Variable type detector concept.- 8.3 Variable type detector algorithm.- 8.3.1 Sanitize log data.- 8.3.2 Initialize types.- 8.3.3 Update types.- 8.3.4 Compute indicators.- 8.3.5 Select tokens.- 8.3.6 Compute indicator weights.- 8.3.7 Report anomalies.- 8.4 Try it out.- 8.4.1 Apache Access log.- 9. Final remarks.
Este título pertence ao(s) assunto(s) indicados(s). Para ver outros títulos clique no assunto desejado.
Cyber security;computer security;log data analysis;anomaly detection;machine learning;system behavior;system monitoring;model building;clustering;incremental clustering;outlier detection;online processing;event processing;time series analysis;log data parser;statistical tests
I1.- Introduction.- 1.1 State of the art in security monitoring and anomaly detection.- 1.2 Current trends.- 1.3. future challenges.- 1.4 Log data analysis: today and tomorrow.- 1.5 Smart log data analytics: Structure of the book.- 1.6 Try it out: Hands-on examples throughout the book.- 2 Survey on log clustering approaches.- 2.1 Introduction. 2.2 Survey background.- 2.1 The nature of log data. 2.2 Static clustering.- 2.3 Dynamic clustering.- 2.4 Applications in the security domain.- 2.3 Survey method.- 2.3.1 Set of criteria.- 2.3.2 Literature search.- 2.4 Survey results.- 2.4.1 Purpose and applicability (P).- 2.4.2 Clustering techniques (C).- 2.4.3 Anomaly detection (AD).- 2.4.4 Evaluation (E). 2.4.5 Discussion.- 2.5 Conclusion.- 3 Incremental log data clustering for processing large amounts of data online.- 3.1 Introduction.- 3.2 Concept for incremental clustering.- 3.2.1 Incremental clustering.- 3.2.2 Description of model.- 3.2.3 String metrics.- 3.2.4 Description of model M1.-- 3.2.5 Time series analysis.- 3.3 Outlook and further development.- 3.4 Try it out.- 3.4.1 Exim Mainlog.- 3.4.2 Messages log file.- 4 Generating character-based templates for log data.- 4.1 Introduction.- 4.2 Concept for generating character-based templates.- 4.3 Cluster template generator algorithms4.3.1 Initial matching.- 4.3.2 Merge algorithm.-4.3.3 Length algorithm.- 4.3.4 Equalmerge algorithm.- 4.3.5 Token_char algorithm.- 4.3.6 Comparison.- 4.4 Outlook and further development.- 4.5 Try it out .- 4.5.1 Exim Mainlog.- 5 Time series analysis for temporal anomaly detection5.1 Introduction.- 5.2 Concept for dynamic clustering and AD.- 5.3 Cluster evolution.- 5.3.1 Clustering model.- 5.3.2 Tracking.- 5.3.3 Transitions.- 5.3.4 Evolution metrics .- 5.4 Time series analysis.- 5.4.1 Model.- 5.4.2 Forecast.- 5.4.3 Correlation.- 5.4.4 Detection.- 5.5 Example.- 5.5.1 Long-term analysis of Suricata logs.- 5.5.2 Short-term analysis of Audit logs.- 6 AECID: A light-weight log analysis approach for online anomaly detection.- 6.1 Introduction.- 6.2 The AECID approach.- 6.2.1 AMiner.- 6.2. AECID central.- 6.2. Detecting anomalies.- 6.2. Rule generator.- 6.2. Correlation engine.- 6.2. Detectable anomalies.- 6. System deployment and operation.- 6. Application scenarios.- 6. Try it out.- 6.5.1 Configuration of the AMiner for AIT-LDSv1. - 6.5.2 Apache Access logs.- 6.5.3 Exim Mainlog file.- 6.5.4 Audit logs.- 7. A concept for a tree-based log parser generator.- 7.1 Introduction.- 7.2 Tree-based parser concept.- 7.3 AECID-PG: tree-based log parser generator.- 7.3.1 Challenges when generating tree-like parsers.- 7.3.2 AECID-PG concept.- 7.3.3 AECID-PG rules.- 7.3.4 Features.- 7.4 Outlook and further application.- 7.5 Try it out.- 7.5.1 Exim Mainlog.- 7.5.2 Audit logs.- 8 Variable type detector for statistical analysis of log tokens.- 8.1 Introduction.-.-8.2 Variable type detector concept.- 8.3 Variable type detector algorithm.- 8.3.1 Sanitize log data.- 8.3.2 Initialize types.- 8.3.3 Update types.- 8.3.4 Compute indicators.- 8.3.5 Select tokens.- 8.3.6 Compute indicator weights.- 8.3.7 Report anomalies.- 8.4 Try it out.- 8.4.1 Apache Access log.- 9. Final remarks.
Este título pertence ao(s) assunto(s) indicados(s). Para ver outros títulos clique no assunto desejado.
