Log File Analysis with Context-Free Grammars


Authors

Gruner, Stefan

Publisher

Springer-Verlag

Abstract

Classical ways of intrusion analysis from textual communication log files are either AI-based (such as combinations of data mining with various techniques of machine learning), or they are based on regular expressions (such as the scanners implemented in the CISCO boxes). Whereas AI-based heuristics are not analytically exact, methods based on regular expressions do not reach very far in Chomsky's hierarchy of languages. In this short chapter we describe work in progress on the topic of parsing traces of network traffic with context-free grammars. "Green" grammars describe acceptable log files, whereas "red" grammars represent already known specific patterns of intrusion attempts. This technique can complement or augment the already existing AI approaches with additional precision. Analytically it is also more powerful than CISCO's technique on the basis of regular expressions.
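The green/red idea in the abstract can be made concrete with a small recogniser. The following is an added illustration, not code from the chapter or from its authors: it tokenises a constructed session log into event names, checks the token sequence against a green grammar of acceptable sessions (nested BEGIN/END transactions, which no regular expression can balance) and against a red grammar encoding one constructed "known pattern" (repeated authentication failures followed by a success), and labels the session accordingly. The log format, the event vocabulary, both grammars and the backtracking recogniser are all assumptions made for this example.

```python
"""Green/red context-free log classification (illustrative, not the paper's code)."""

# A grammar maps each nonterminal to its alternatives; each alternative is a
# tuple of symbols.  A symbol that is not a key of the grammar is a terminal
# (an event name).  The empty tuple () is an epsilon alternative.

# Green grammar (assumed): what an acceptable session looks like.
GREEN = {
    "SESSION": [("CONNECT", "AUTH", "BODY", "DISCONNECT")],
    "AUTH": [("AUTH_OK",), ("AUTH_FAIL", "AUTH")],          # failures, then one success
    "BODY": [(), ("ITEM", "BODY")],
    "ITEM": [("READ",), ("WRITE",), ("BEGIN", "BODY", "END")],  # properly nested transactions
}

# Event vocabulary of the constructed log format (assumed).
EVENTS = ["CONNECT", "AUTH_OK", "AUTH_FAIL", "BEGIN", "END", "READ", "WRITE", "DISCONNECT"]

# Red grammar (assumed): one already-known suspicious pattern, namely three or
# more authentication failures before the session is finally authenticated.
RED = {
    "RED": [("CONNECT", "AUTH_FAIL", "AUTH_FAIL", "AUTH_FAIL", "FAILS", "AUTH_OK", "ANY")],
    "FAILS": [(), ("AUTH_FAIL", "FAILS")],
    "ANY": [()] + [(event, "ANY") for event in EVENTS],      # wildcard tail
}


def _parse(grammar, symbol, tokens, pos):
    """Yield every position at which `symbol` can end when matched starting at `pos`."""
    if symbol not in grammar:                       # terminal: must match the token literally
        if pos < len(tokens) and tokens[pos] == symbol:
            yield pos + 1
        return
    for alternative in grammar[symbol]:             # nonterminal: try each alternative
        yield from _parse_seq(grammar, alternative, tokens, pos)


def _parse_seq(grammar, seq, tokens, pos):
    """Yield end positions for matching the symbol sequence `seq` at `pos`."""
    if not seq:
        yield pos
        return
    for mid in _parse(grammar, seq[0], tokens, pos):
        yield from _parse_seq(grammar, seq[1:], tokens, mid)


def accepts(grammar, start, tokens):
    """True if the whole token sequence is derivable from `start` (backtracking recogniser)."""
    return any(end == len(tokens) for end in _parse(grammar, start, tokens, 0))


def tokenize(lines):
    """Constructed log format: '<timestamp> <EVENT> [details...]' -> list of EVENT names."""
    return [line.split()[1] for line in lines if line.strip()]


def classify(lines):
    """Red grammar wins over green; anything neither grammar accepts is flagged for review."""
    tokens = tokenize(lines)
    if accepts(RED, "RED", tokens):
        return "red"
    if accepts(GREEN, "SESSION", tokens):
        return "green"
    return "anomalous"


# Constructed sample sessions.
NORMAL_SESSION = [
    "2024-01-01T10:00:00 CONNECT 10.0.0.5",
    "2024-01-01T10:00:01 AUTH_FAIL alice",
    "2024-01-01T10:00:02 AUTH_OK alice",
    "2024-01-01T10:00:03 BEGIN tx1",
    "2024-01-01T10:00:04 READ report.txt",
    "2024-01-01T10:00:05 BEGIN tx2",
    "2024-01-01T10:00:06 WRITE report.txt",
    "2024-01-01T10:00:07 END tx2",
    "2024-01-01T10:00:08 END tx1",
    "2024-01-01T10:00:09 DISCONNECT",
]
UNBALANCED_SESSION = [       # an END without a matching BEGIN: no regex can catch this in general
    "2024-01-01T11:00:00 CONNECT 10.0.0.6",
    "2024-01-01T11:00:01 AUTH_OK bob",
    "2024-01-01T11:00:02 BEGIN tx1",
    "2024-01-01T11:00:03 READ notes.txt",
    "2024-01-01T11:00:04 END tx1",
    "2024-01-01T11:00:05 END tx1",
    "2024-01-01T11:00:06 DISCONNECT",
]
KNOWN_PATTERN_SESSION = [
    "2024-01-01T12:00:00 CONNECT 10.0.0.7",
    "2024-01-01T12:00:01 AUTH_FAIL carol",
    "2024-01-01T12:00:02 AUTH_FAIL carol",
    "2024-01-01T12:00:03 AUTH_FAIL carol",
    "2024-01-01T12:00:04 AUTH_OK carol",
    "2024-01-01T12:00:05 WRITE config.txt",
    "2024-01-01T12:00:06 DISCONNECT",
]

if __name__ == "__main__":
    for name, session in [("normal", NORMAL_SESSION), ("unbalanced", UNBALANCED_SESSION),
                          ("known pattern", KNOWN_PATTERN_SESSION)]:
        print(f"{name}: {classify(session)}")
```

The recogniser is a plain top-down backtracking matcher, adequate for short sessions and grammars without left recursion; for production log volumes one would swap in an Earley or GLR parser, but the classification logic (red first, then green, otherwise escalate) stays the same. Note that the red pattern here happens to be regular; the green grammar is where context-freeness is essential, because balanced BEGIN/END nesting is exactly the kind of property the abstract says regular-expression scanners cannot express.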

Keywords

Intrusion detection, Log file analysis, Context-free grammars, Decision problem

Citation

Gregory Bosman & Stefan Gruner: Log File Analysis with Context-Free Grammars. Advances in Digital Forensics IX, Chapter 10, pp. 145-152, IFIP Advances in Information and Communication Technology 410, Springer-Verlag, 2013.