A hybrid approach for log signature generation
Analysis of log messages is very important for identifying suspicious system and network activity. This analysis requires the correct extraction of variable entities. The variable entities are extracted by comparing the log messages against the log patterns. Each of these log patterns can be represented in the form of a log signature. In this paper, we present a hybrid approach for log signature extraction. The approach consists of two modules. The first module identifies log patterns by generating log clusters. The second module uses Named Entity Recognition (NER) to extract signatures from the extracted log clusters. Experiments were performed on event logs from the Windows operating system, Exchange and Unix, and the results were validated by comparing the signatures and the variable entities against the standard log documentation. The outcome of the experiments was that the extracted signatures were ready to be used with a high degree of accuracy.
Main Authors: | Prabhat Pokharel, Roshan Pokhrel, Basanta Joshi |
---|---|
Format: | Article |
Language: | English |
Published: | Emerald Publishing, 2023-01-01 |
Series: | Applied Computing and Informatics |
Subjects: | Log message; Named entity recognition; Density-based spatial clustering; Similarity measure; Support vector machine |
Online Access: | https://www.emerald.com/insight/content/doi/10.1016/j.aci.2019.05.002/full/pdf |
_version_ | 1797796870858211328 |
---|---|
author | Prabhat Pokharel; Roshan Pokhrel; Basanta Joshi |
author_facet | Prabhat Pokharel; Roshan Pokhrel; Basanta Joshi |
author_sort | Prabhat Pokharel |
collection | DOAJ |
description | Analysis of log messages is very important for identifying suspicious system and network activity. This analysis requires the correct extraction of variable entities. The variable entities are extracted by comparing the log messages against the log patterns. Each of these log patterns can be represented in the form of a log signature. In this paper, we present a hybrid approach for log signature extraction. The approach consists of two modules. The first module identifies log patterns by generating log clusters. The second module uses Named Entity Recognition (NER) to extract signatures from the extracted log clusters. Experiments were performed on event logs from the Windows operating system, Exchange and Unix, and the results were validated by comparing the signatures and the variable entities against the standard log documentation. The outcome of the experiments was that the extracted signatures were ready to be used with a high degree of accuracy. |
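The abstract gives the two-module pipeline (cluster log lines into patterns, then type the variable positions to obtain a signature) only in outline. The following is an added example written for this record; it is not the authors' code, nor code from Emerald or DOAJ. It sketches the same shape in Python: a minimal DBSCAN over a token-position similarity measure groups constructed log lines into pattern clusters, and a regex-based entity typer stands in for the paper's NER/SVM stage to turn each cluster's variable positions into typed placeholders and to pull the variable entities back out of a line. The sample log lines, the thresholds `eps` and `min_pts`, and the entity patterns are all constructed assumptions, not values from the paper.

```python
"""Two-stage log signature extraction, illustrative only.

Stage 1: density-based clustering (minimal DBSCAN) of log lines by token-position
         similarity, giving one cluster per log pattern.
Stage 2: constant positions stay literal, variable positions become typed
         placeholders (regex typer standing in for a trained NER model), and the
         resulting signature is used to extract variable entities from new lines.
"""
import re

# Constructed sample log lines (not taken from any real system).
SAMPLE_LOGS = [
    "sshd[1234]: Accepted password for alice from 10.0.0.5 port 51234 ssh2",
    "sshd[1299]: Accepted password for bob from 10.0.0.7 port 40022 ssh2",
    "sshd[1301]: Failed password for invalid user root from 192.168.1.9 port 2222 ssh2",
    "sshd[1305]: Failed password for invalid user admin from 192.168.1.10 port 2223 ssh2",
    "sshd[1310]: Failed password for invalid user guest from 192.168.1.11 port 2224 ssh2",
    "kernel: usb 1-1: new high-speed USB device number 4 using xhci_hcd",
]

# Assumed entity types; ordered so the most specific pattern wins.
ENTITY_PATTERNS = [
    ("IPV4", re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")),
    ("PID", re.compile(r"^\w+\[\d+\]:$")),
    ("NUM", re.compile(r"^\d+$")),
]


def tokenize(line):
    return line.split()


def similarity(a, b):
    """Fraction of positions with identical tokens; unequal lengths never match."""
    if len(a) != len(b):
        return 0.0
    return sum(x == y for x, y in zip(a, b)) / len(a)


def dbscan(items, eps, min_pts):
    """Minimal DBSCAN: neighbours are items with similarity >= eps.

    Returns a list of clusters (lists of indices). Noise points, which have too
    few neighbours to seed a cluster and are not reached from a core point, are
    returned as singleton clusters so that every line gets a signature.
    """
    n = len(items)
    neigh = [[j for j in range(n) if similarity(items[i], items[j]) >= eps]
             for i in range(n)]
    labels = [None] * n
    clusters = []
    for i in range(n):
        if labels[i] is not None or len(neigh[i]) < min_pts:
            continue
        cid = len(clusters)
        clusters.append([])
        labels[i] = cid
        stack = [i]
        while stack:
            p = stack.pop()
            clusters[cid].append(p)
            if len(neigh[p]) >= min_pts:  # core point: expand through its neighbours
                for q in neigh[p]:
                    if labels[q] is None:
                        labels[q] = cid
                        stack.append(q)
    for i in range(n):  # unreached noise becomes a singleton cluster
        if labels[i] is None:
            labels[i] = len(clusters)
            clusters.append([i])
    return clusters


def entity_type(token):
    for name, rx in ENTITY_PATTERNS:
        if rx.match(token):
            return name
    return "WORD"


def build_signature(cluster_tokens):
    """Literal where every line agrees, <TYPE> placeholder where lines differ."""
    sig = []
    for column in zip(*cluster_tokens):
        if len(set(column)) == 1:
            sig.append(column[0])
        else:
            types = {entity_type(t) for t in column}
            sig.append("<%s>" % (types.pop() if len(types) == 1 else "WORD"))
    return " ".join(sig)


def generate_signatures(lines, eps=0.6, min_pts=2):
    token_lines = [tokenize(line) for line in lines]
    return [build_signature([token_lines[i] for i in cluster])
            for cluster in dbscan(token_lines, eps, min_pts)]


def extract_entities(signature, line):
    """Match a line against a signature; return {TYPE@position: value} or None."""
    sig_tokens, tokens = signature.split(), tokenize(line)
    if len(sig_tokens) != len(tokens):
        return None
    found = {}
    for i, (s, t) in enumerate(zip(sig_tokens, tokens)):
        if s.startswith("<") and s.endswith(">"):
            found["%s@%d" % (s[1:-1], i)] = t  # position disambiguates repeated types
        elif s != t:
            return None
    return found


if __name__ == "__main__":
    for sig in generate_signatures(SAMPLE_LOGS):
        print(sig)
    print(extract_entities(generate_signatures(SAMPLE_LOGS)[0], SAMPLE_LOGS[1]))
```

Two caveats follow directly from the construction. A singleton cluster (the `kernel:` line above) yields a signature with no placeholders, so its variable fields are frozen as literals until more lines of that pattern are seen. And a position-wise similarity only aligns messages whose variable fields occupy exactly one whitespace-separated token; Windows event text with multi-word values needs a smarter tokenizer or alignment before this kind of clustering is reliable.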
first_indexed | 2024-03-13T03:39:36Z |
format | Article |
id | doaj.art-8e41095a7d154e7ab736d3e36fb8c889 |
institution | Directory Open Access Journal |
issn | 2634-1964 2210-8327 |
language | English |
last_indexed | 2024-03-13T03:39:36Z |
publishDate | 2023-01-01 |
publisher | Emerald Publishing |
record_format | Article |
series | Applied Computing and Informatics |
spelling | doaj.art-8e41095a7d154e7ab736d3e36fb8c889; 2023-06-23T09:37:56Z; eng; Emerald Publishing; Applied Computing and Informatics; ISSN 2634-1964, 2210-8327; 2023-01-01; Vol. 19, No. 1/2, pp. 108-121; DOI 10.1016/j.aci.2019.05.002; A hybrid approach for log signature generation; Prabhat Pokharel (0), Roshan Pokhrel (1), Basanta Joshi (2); affiliations: (0) Department of Graduate Studies, NCIT, Lalitpur, Nepal; (1) Department of Electronics and Computer Engineering, IoE, Lalitpur, Nepal; (2) Department of Electronics and Computer Engineering, IoE, Lalitpur, Nepal; abstract: Analysis of log messages is very important for identifying suspicious system and network activity. This analysis requires the correct extraction of variable entities. The variable entities are extracted by comparing the log messages against the log patterns. Each of these log patterns can be represented in the form of a log signature. In this paper, we present a hybrid approach for log signature extraction. The approach consists of two modules. The first module identifies log patterns by generating log clusters. The second module uses Named Entity Recognition (NER) to extract signatures from the extracted log clusters. Experiments were performed on event logs from the Windows operating system, Exchange and Unix, and the results were validated by comparing the signatures and the variable entities against the standard log documentation. The outcome of the experiments was that the extracted signatures were ready to be used with a high degree of accuracy. https://www.emerald.com/insight/content/doi/10.1016/j.aci.2019.05.002/full/pdf; keywords: Log message; Named entity recognition; Density-based spatial clustering; Similarity measure; Support vector machine |
title | A hybrid approach for log signature generation |
title_full | A hybrid approach for log signature generation |
title_fullStr | A hybrid approach for log signature generation |
title_full_unstemmed | A hybrid approach for log signature generation |
title_short | A hybrid approach for log signature generation |
title_sort | hybrid approach for log signature generation |
topic | Log message; Named entity recognition; Density-based spatial clustering; Similarity measure; Support vector machine |
url | https://www.emerald.com/insight/content/doi/10.1016/j.aci.2019.05.002/full/pdf |