A Study of Log Patternization for Linux-based Systems
Hung, Jui-lin, 30 June 2010
With the rapid development of Internet technology and the extensive use of broadband networks, network security issues are increasing. To deal with these complex issues, network administrators adopt firewalls, intrusion detection systems and intrusion prevention systems; in addition, the collection and analysis of logs are also very important. Through log analysis, administrators can understand the error messages generated by the system and the abnormal behavior of external connections, and develop the corresponding security policy for the use of these security tools. With current log analyzers, beyond the default rules, administrators have to spend much time reviewing their system's syslog in detail to set the corresponding rules, and each analyzer has its own unique rule definitions. The purpose of this study is to transform tens of thousands of logs into a small number of valuable patterns, classify these patterns into abnormal and normal ones, and sum up the logs corresponding to each listed pattern to assist administrators in their review. In this study, we adopt the concept of string similarity comparison and perform a similarity comparison for each log to find all patterns, which are presented as regular expressions. After experimental evaluation, this study can indeed analyze and generate all log patterns automatically, and these patterns can be applied in a practical network security tool.
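The following is an added illustration of the approach the abstract describes (similarity comparison between log lines, merging of similar lines into a pattern expressed as a regular expression, and a normal/abnormal split); it is not the thesis's own code, and the thesis does not specify its similarity metric or classification rule. The example assumes a position-wise token similarity with a 0.6 threshold, merges only lines with the same token count, and flags a pattern as abnormal when its literal tokens contain a keyword such as "failed" or "invalid". The syslog lines are constructed for the example.

```python
import re
from typing import Dict, List, Optional

# Constructed sample syslog lines (not taken from the thesis); timestamps,
# PIDs, usernames and addresses are made up.
SAMPLE_LOGS = [
    "Jun 30 10:00:01 host sshd[1234]: Failed password for invalid user admin from 10.0.0.5 port 4444 ssh2",
    "Jun 30 10:00:05 host sshd[1240]: Failed password for invalid user root from 10.0.0.7 port 4450 ssh2",
    "Jun 30 10:00:09 host sshd[1245]: Failed password for invalid user guest from 10.0.0.9 port 4460 ssh2",
    "Jun 30 10:01:00 host sshd[1250]: Accepted publickey for alice from 192.168.1.10 port 50000 ssh2",
    "Jun 30 10:02:00 host sshd[1260]: Accepted publickey for bob from 192.168.1.11 port 50001 ssh2",
    "Jun 30 10:05:01 host CRON[1300]: (root) CMD (run-parts /etc/cron.hourly)",
    "Jun 30 11:05:01 host CRON[1400]: (root) CMD (run-parts /etc/cron.hourly)",
]

WILDCARD = None  # marks a token position whose value varies between logs
# Assumed keyword rule for the normal/abnormal split (the thesis's rule is not given here).
ABNORMAL_KEYWORDS = ("failed", "invalid", "error", "denied", "refused")

Template = List[Optional[str]]


def similarity(template: Template, tokens: List[str]) -> float:
    """Fraction of positions where the token agrees with the template.
    A wildcard position already accepts any token, so it counts as a match.
    Lines with a different token count are treated as dissimilar (0.0);
    this positional comparison is an assumption of the example."""
    if len(template) != len(tokens):
        return 0.0
    hits = sum(1 for t, w in zip(template, tokens) if t is WILDCARD or t == w)
    return hits / len(tokens)


def merge(template: Template, tokens: List[str]) -> Template:
    """Keep tokens that agree; turn every disagreeing position into a wildcard."""
    return [t if t == w else WILDCARD for t, w in zip(template, tokens)]


def to_regex(template: Template) -> str:
    """Render a template as an anchored regular expression: literal tokens are
    escaped, wildcard positions become a single non-space token."""
    parts = [r"\S+" if t is WILDCARD else re.escape(t) for t in template]
    return "^" + r"\s+".join(parts) + "$"


def is_abnormal(template: Template) -> bool:
    literal = " ".join(t for t in template if t is not WILDCARD).lower()
    return any(k in literal for k in ABNORMAL_KEYWORDS)


def patternize(logs: List[str], threshold: float = 0.6) -> List[Dict]:
    """Greedy single-pass clustering: each log joins the most similar existing
    pattern if the similarity reaches the threshold, otherwise it seeds a new one."""
    clusters: List[Dict] = []  # each: {"template": [...], "count": n}
    for line in logs:
        tokens = line.split()
        best, best_score = None, 0.0
        for c in clusters:
            s = similarity(c["template"], tokens)
            if s > best_score:
                best, best_score = c, s
        if best is not None and best_score >= threshold:
            best["template"] = merge(best["template"], tokens)
            best["count"] += 1
        else:
            clusters.append({"template": list(tokens), "count": 1})
    return [
        {"regex": to_regex(c["template"]), "count": c["count"], "abnormal": is_abnormal(c["template"])}
        for c in clusters
    ]


def match_counts(logs: List[str], patterns: List[Dict]) -> List[int]:
    """How many generated patterns each log matches; a clean partition gives all 1s."""
    return [sum(1 for p in patterns if re.match(p["regex"], line)) for line in logs]


if __name__ == "__main__":
    for p in patternize(SAMPLE_LOGS):
        flag = "ABNORMAL" if p["abnormal"] else "normal  "
        print(f"{flag} x{p['count']}: {p['regex']}")
```

On the seven constructed lines this yields three patterns: one abnormal pattern covering the three failed-login lines, and two normal patterns for the accepted logins and the cron runs. The `match_counts` check is the kind of sanity test a practitioner should run before deploying generated regexes in a log analyzer: every line should fall under exactly one pattern, otherwise the threshold or tokenization needs adjusting.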