Author: Florian Skopik, Markus Wurzenberger, Max Landauer
Publisher: Springer
Year: 2021
Pages: 210
Language: English
Format: pdf (true), epub
Size: 20.6 MB
Prudent event monitoring and logging are the only means that allow system operators and security teams to truly understand how complex systems are utilized. Log data are essential to detect intrusion attempts in real time or forensically work through previous incidents to create a vital understanding of what has happened in the past.
This book provides insights into smart ways of computer log data analysis, with the goal of spotting adversarial actions. It is organized into 3 major parts with a total of 8 chapters that include a detailed view of existing solutions, as well as novel techniques that go far beyond the state of the art. The first part of this book motivates the entire topic and highlights major challenges, trends and design criteria for log data analysis approaches, and further surveys and compares the state of the art. The second part of this book introduces concepts that apply character-based, rather than token-based, approaches and thus work on a more fine-grained level. Furthermore, these solutions were designed for “online use”: not only for forensic analysis, but also to process new log lines as they arrive in an efficient single-pass manner.
An advanced method for time series analysis aims at detecting changes in the overall behavior profile of an observed system and spotting trends and periodicities through log analysis. The third part of this book introduces the design of the AMiner, which is an advanced open source component for log data anomaly mining. The AMiner comes with several detectors to spot new events, new parameters, new correlations, new values and unknown value combinations, and can run as a stand-alone solution or as a sensor with a connection to a SIEM solution. More advanced detectors help to determine the characteristics of variable parts of log lines, specifically the properties of numerical and categorical fields.
This book discusses important extensions to the state of the art. Its content is meant for academics, researchers, and graduate students—as well as any forward-thinking practitioner who wants to:
• Learn how to parse and normalize log data in a scalable way, i.e., without inefficient linear lists of regular expressions
• Learn how to efficiently cluster log events in real time, i.e., create clusters incrementally while log events arrive
• Learn how to characterize systems and create behavior profiles with the use of cluster maps
• Learn how to automatically create correlation rules from log data
• Learn how to track system behavior trends over time
Download Smart Log Data Analytics: Techniques for Advanced Security Analysis