Towards Mining Syslog Data
Abe Singer - University of California at San Diego
Nov 03, 2004
Size: 218.9MB
Abstract
Syslog is the primary source of information about intrusion-related activity on a Unix system. Searching for known messages and patterns in syslog data is easy to do, and many tools are available for doing so. However, information and patterns that are not already "known" -- those that have not been seen or derived already -- may provide even more information about attacks and intrusions. Data mining techniques can help us discover and analyze that information, but the general lack of structure in syslog data makes it impossible to apply these techniques directly to the data. To address the problem, we are researching methods of generating patterns from an archive of system logs that can uniquely identify syslog messages by the variant and invariant elements of the messages. Once syslog messages can be uniquely identified, data mining techniques for use in intrusion detection or forensic analysis will be far more useful.
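One way to derive the kind of variant/invariant message patterns the abstract describes, as an added example that is not code from the talk or from SDSC's research: group messages by program and token count, treat a word as invariant when it recurs at the same position in enough messages, and turn every other position into a wildcard. The sample log lines are constructed, and the header regex, the grouping key and the min_support threshold are assumptions of this example.

```python
import re
from collections import Counter, defaultdict

# Constructed sample syslog lines (not from the talk). Each line carries the
# classic BSD header (month day time host) followed by "program[pid]: message".
SAMPLE_LOG = """\
Nov  3 10:01:02 host1 sshd[1201]: Failed password for root from 10.0.0.5 port 40112 ssh2
Nov  3 10:01:05 host1 sshd[1201]: Failed password for admin from 10.0.0.6 port 40113 ssh2
Nov  3 10:02:17 host2 sshd[2210]: Failed password for guest from 192.168.1.9 port 51000 ssh2
Nov  3 10:03:40 host1 sshd[1305]: Accepted publickey for alice from 10.0.0.7 port 40200 ssh2
Nov  3 10:04:01 host2 su[2300]: pam_unix(su:session): session opened for user root by bob(uid=1000)
Nov  3 10:05:11 host1 su[1400]: pam_unix(su:session): session opened for user root by carol(uid=1001)
"""

# Assumed header layout: timestamp, hostname, program with optional [pid].
HEADER_RE = re.compile(
    r"^\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2} \S+ "            # timestamp and hostname
    r"(?P<prog>[^\[\]:\s]+)(?:\[\d+\])?: (?P<msg>.*)$"     # program, optional pid, text
)

def parse_line(line):
    """Return (program, message tokens) or None if the header does not match."""
    m = HEADER_RE.match(line)
    return (m.group("prog"), m.group("msg").split()) if m else None

def build_templates(log_text, min_support=2):
    """Derive message templates: within each (program, token-count) group a
    word is invariant when it occurs at the same position in at least
    `min_support` messages; every other position becomes a '*' wildcard.
    Returns {template: number of messages matching it}."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed:
            groups[(parsed[0], len(parsed[1]))].append(parsed[1])
    templates = Counter()
    for (prog, n), rows in groups.items():
        # Frequency of each word at each position within the group.
        freq = [Counter(row[pos] for row in rows) for pos in range(n)]
        for row in rows:
            pattern = [tok if freq[pos][tok] >= min_support else "*"
                       for pos, tok in enumerate(row)]
            templates[f"{prog}: " + " ".join(pattern)] += 1
    return dict(templates)

if __name__ == "__main__":
    for template, count in sorted(build_templates(SAMPLE_LOG).items(),
                                  key=lambda kv: -kv[1]):
        print(f"{count:4d}  {template}")
```

With only two su lines, "root" is reported as invariant even though it is really a user field, which shows why a small archive over-fits and why the support threshold has to be tuned against the full log history. The single "Accepted publickey" line collapses to wildcards for the same reason: a rare message type needs more samples before its fixed words reach min_support.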
About the Speaker
Abe Singer is a Computer Security Researcher with the Security Technologies Group at the San Diego Supercomputer Center. Involved with both operational security and research, his work involves growing SDSC's logging infrastructure and analysis capabilities, participating in incident response and investigation, and working with the Teragrid Security Working Group. Mr. Singer's current research is in analysis of syslog data and data mining of logs for security. In addition to his work at SDSC, Mr. Singer is an occasional consultant and expert witness, and runs the San Diego Regional Information Watch (www.sdriw.org).
The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos is the property of Purdue University, the presenter and/or the presenter's organization, and is protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website are the exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works, transmit, or in any other way exploit any part of copyrighted material without permission from CERIAS, Purdue University.