Naive Bayesian Spam Filters for Log File Analysis

Havens, Russel William

13 July 2011

As computer system usage grows in our world, system administrators need better visibility into the workings of computer systems, especially when those systems have problems or go down. Most system components, from hardware, through OS, to application server and application, write log files of some sort, be it system-standardized logs such syslog or application specific logs. These logs very often contain valuable clues to the nature of system problems and outages, but their verbosity can make them difficult to utilize. Statistical data mining methods could help in filtering and classifying log entries, but these tools are often out of the reach of administrators. This research tests the effectiveness of three off-the-shelf Bayesian spam email filters (SpamAssassin, SpamBayes and Bogofilter) for effectiveness as log entry classifiers. A simple scoring system, the Filter Effectiveness Scale (FES), is proposed and used to compare these filters. These filters are tested in three stages: 1) the filters were tested with the SpamAssassin corpus, with various manipulations made to the messages, 2) the filters were tested for their ability to differentiate two types of log entries taken from actual production systems, and 3) the filters were trained on log entries from actual system outages and then tested on effectiveness for finding similar outages via the log files. For stage 1, messages were tested with normalized bodies, normalized headers and with each sentence from each message body as a separate message with a standardized message. The impact of each manipulation is presented. For stages 2 and 3, log entries were tested with digits normalized to zeros, with words chained together to various lengths and one or all levels of word chains used together. The impacts of these manipulations are presented. In each of these stages, it was found that these widely available Bayesian content filters were effective in differentiating log entries. Tables of correct match percentages or score graphs, according to the nature of tests and numbers of entries are presented, are presented, and FES scores are assigned to the filters according to the attributes impacting their effectiveness. This research leads to the suggestion that simple, off-the-shelf Bayesian content filters can be used to assist system administrators and log mining systems in sifting log entries to find entries related to known conditions (for which there are example log entries), and to exclude outages which are not related to specific known entry sets.

Russel Havens

log file analysis

Bayesian content filter

spam filter

SpamAssassin

SpamBayes

Bogofilter

filter effectiveness scale

fes

Computer Sciences

Eingriffe in den Internet-Datenverkehr zur Durchsetzung des Urheberrechts

Fokken, Martin

28 October 2021

Die auf mitgliedstaatlicher und EU-Ebene grundrechtlich verbürgte Freiheit des Eigen-tums verlangt, das Urheberrecht effektiv zu schützen. Staatlich durchgeführte oder ange-ordnete technische Maßnahmen wie Netzsperren (IP- oder DNS-Sperren) und Deep Packet Inspection ermöglichen es u.a., gezielt die Übertragung von Daten zu blockieren, deren unlizenzierter Austausch über das Internet – etwa über Streaming-Portale – das Urheber-recht verletzt. Im Internet besteht ohne derartige technische Maßnahmen ein Durchset-zungsdefizit, da die unmittelbaren („Content Provider“) und mittelbaren Anbieter („Host-Provider“) der Inhalte oft nicht effektiv in Haftung genommen werden können; die techni-schen Betreiber der Infrastruktur des Internets („Internet Service Provider“) hingegen können dem staatlichen Zugriff nicht ausweichen. Die angesprochenen technischen Maß-nahmen greifen jedoch in verschiedene Grundrechte des Grundgesetzes und der Charta der Grundrechte der Europäischen Union ein. Betroffen sind insbesondere die unterneh-merische Freiheit (Art. 16 Charta) der Internet Service Provider, die Informationsfreiheit (Art. 11 Abs. 1 Charta), das Recht auf Achtung der Kommunikation (Art. 7 Charta), das Recht auf Schutz personenbezogener Daten (Art. 8 Abs. 1 Charta) der Internet-Nutzer sowie die jeweiligen mitgliedstaatlichen Entsprechungen dieser Grundrechte. Der Gegen-stand dieser Arbeit ist die Untersuchung der Vereinbarkeit der Anwendung technischer Maßnahmen zur Durchsetzung des Urheberrechts mit europäischem Primärrecht und dem Grundgesetz. / The Fundamental Right to Property, which is guaranteed at Member State and EU level, requires that copyright be effectively protected. Technical measures implemented by or required by states, such as IP/DNS blocking or Deep Packet Inspection, enable, inter alia, the targeted blocking of transmissions of data whose unlicensed exchange over the inter-net – e.g. via streaming portals – infringes copyrights. Without such technical measures, there is an enforcement deficit in the internet, as the direct ("content providers") and indi-rect providers ("host providers") of the content often cannot be effectively held liable; the technical operators of internet infrastructure ("internet service providers"), on the other hand, cannot evade governmental intervention. The technical measures mentioned, how-ever, affect various fundamental rights of the German Constitution (the “Grundgesetz”) and the Charter of Fundamental Rights of the European Union. The rights affected are, in particular, the Freedom to Conduct a Business (Article 16 of the Charter) of internet ser-vice providers, the Freedom of Information (Article 11(1) of the Charter), the Right to Re-spect for Communications (Article 7 of the Charter) and the Right to Protection of Person-al Data (Article 8 (1) of the Charter) of internet users, and the respective Member State equivalents of these fundamental rights. Subject matter of this thesis is to examine whether the use of technological measures to enforce copyrights is in compliance with Eu-ropean primary law and the German Grundgesetz.

Deep Packet Inspection

Netzsperren

IP-Sperre

DNS-Sperre

Filtermaßnahmen

Content-Filter

Urheberrecht

Informationsfreiheit

Telekommunikationsfreiheit

Access-Provider

Deep Packet Inspection

network traffic

blocking

IP blocking

DNS blocking

content filter

copyright

piracy

Freedom of Information

Right to Protection of Personal Data

Right to Respect for Communications

technical measures

internet access provider

323 Grundrechte und politische Rechte

342 Verfassungs- und Verwaltungsrecht

PZ 3400

ddc:323

ddc:342