Abe Singer - University of California at San Diego
"Towards Mining Syslog Data"
Nov 03, 2004Download: MP4 Video Size: 218.9MB
Watch on YouTube
AbstractSyslog is the primary source of information about intrusion-related activity on a Unix system. Searching for known messages and patterns in syslog data is easy to do, and many tools are available for doing so. However, information and patterns that are not already "known" -- those that have not been seen or derived already, may provide even more information about attacks and intrusions. Data mining techniques can help us discover and analyze that information, but, the general lack of structure in syslog data makes it impossible to apply these techniques directly to the data. To address the problem, we are researching methods of generating patterns from an archive of system logs which can uniquely identify syslog messages by the variant and invariant elements of the messages. Once syslog messages can be uniquely identified, data mining techniques for use in intrusion detection or forensic analysis will be far more useful.
About the Speaker
Abe Singer is a Computer Security Researcher with the Security Technologies Group at the San Diego Supercomputer Center. Involved with both operational security and research, his work involves growing SDSC logging infrastructure and analysis capabilities, participating in incident response and investigation, and working with the Teragrid Security Working Group. Mr. Singer\'s current research is in analysis of syslog data and data mining of logs for security. In addition to his work at SDSC, Mr. Singer is an occasional consultant and expert witness, and runs the San Diego Regional Information Watch (www.sdriw.org).
Unless otherwise noted, the security seminar is held on Wednesdays at 4:30P.M. STEW G52 (Suite 050B), West Lafayette Campus. More information...