{"title":"Comparative Analysis of Pattern Mining Algorithms for Event Logs","authors":"Orkhan Gasimov, Risto Vaarandi, Mauno Pihelgas","doi":"10.1109/CSR57506.2023.10224996","DOIUrl":null,"url":null,"abstract":"During the last two decades, the mining of message patterns from textual event logs has become an important security monitoring and system management task. A number of algorithms have been developed for that purpose, and recently several comparative studies of these algorithms have been published. However, existing studies have several drawbacks like the lack of performance evaluation on real-life data sets and the use of suboptimal settings for evaluated algorithms. This paper addresses these issues and evaluates commonly used log mining algorithms on a number of security and system event logs.","PeriodicalId":354918,"journal":{"name":"2023 IEEE International Conference on Cyber Security and Resilience (CSR)","volume":"68 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-07-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2023 IEEE International Conference on Cyber Security and Resilience (CSR)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CSR57506.2023.10224996","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 0