Title: A next generation entropy based framework for alert detection in system logs
Authors: A. Makanju, A. N. Zincir-Heywood, E. Milios
Venue: 12th IFIP/IEEE International Symposium on Integrated Network Management (IM 2011) and Workshops
Publication date: 2011-05-23
DOI: 10.1109/INM.2011.5990587 (https://doi.org/10.1109/INM.2011.5990587)
Citation count: 3 (Semantic Scholar record)
A next generation entropy based framework for alert detection in system logs
Recent research efforts have highlighted the capability of entropy-based approaches in the automatic discovery of alerts in system logs. In this work, we extend this research by evaluating three entropy-based approaches on new datasets not used in previous papers. We also extend the approach with the introduction of a Cluster Membership Anomaly score. This extension is intended to reduce the false-positive rates required to detect all alerts. Previous work has shown that the false-positive rates required for an entropy-based approach to detect all alerts can be very high. The results show that the Cluster Membership Anomaly score has value for reducing false-positive rates.