UPM Institutional Repository

Filtering events using clustering in heterogeneous security logs


Hajamydeen, Asif Iqbal and Udzir, Nur Izura and Mahmod, Ramlan and Abd Ghani, Abdul Azim (2011) Filtering events using clustering in heterogeneous security logs. Information Technology Journal, 10 (4). pp. 798-806. ISSN 1812-5638; ESSN: 1812-5646


Log files are rich sources of information exhibiting the actions performed during the usage of a computer system in our daily work. In this study we concentrate on parsing/isolating logs from different sources and then clustering the logs using data mining tool (Weka) to filter the unwanted entries in the logs which will greatly help in correlating the events from different logs. Unfortunately parsing heterogeneous logs to extract the attribute values becomes tedious, since every type of log is stored in a proprietary format. We propose a framework that has the ability to parse and isolate a variety of logs, followed by clustering the logs to identify and remove unneeded entries. Experiments involving a range of logs, reveals the fact that clustering has the capacity to group log entries with a higher degree of accuracy, thereby assisting to identify correctly the entries to be removed.

Download File

PDF (Abstract)
Filtering events using clustering in heterogeneous security logs.pdf

Download (33kB) | Preview
Official URL or Download Paper: http://scialert.net/abstract/?doi=itj.2011.798.806

Additional Metadata

Item Type: Article
Divisions: Faculty of Computer Science and Information Technology
DOI Number: https://doi.org/10.3923/itj.2011.798.806
Publisher: Asian Network for Scientific Information
Keywords: Event filtering; False; False positive rate; Heterogeneous log parsing; Multi-level clustering
Depositing User: Nabilah Mustapa
Date Deposited: 08 Jun 2016 08:33
Last Modified: 08 Jun 2016 08:33
Altmetrics: http://www.altmetric.com/details.php?domain=psasir.upm.edu.my&doi=10.3923/itj.2011.798.806
URI: http://psasir.upm.edu.my/id/eprint/22453
Statistic Details: View Download Statistic

Actions (login required)

View Item View Item