Log File Analysis with Context-Free Grammars
Loading...
Date
Authors
Gruner, Stefan
Journal Title
Journal ISSN
Volume Title
Publisher
Springer-Verlag
Abstract
Classical ways of intrusion analysis from textual communication log files are either AI-based (such as by combinations of data mining with various techniques of machine learning), or they are based on regular expressions (such as the scanners implemented in the CISCO boxes). Whereas AI-based heuristics are not analytically exact, methods based on regular expressions do not reach very far in Chomsky's hierarchy of languages. In this short chapter we describe work in progress on the topic of parsing traces of network traffic with context-free grammars. "Green" grammars describe acceptable log files, whereas "red" grammars represent already known specific patterns of intrusion attempts. This technique can complement or augment the aready existing AI-approaches with additional precision. Analytically it is also more powerful than CISCO's technique on the basis of regular expressions.
Description
Keywords
Intrusion detection, Log file analysis, Context-free grammars, Decision problem
Sustainable Development Goals
Citation
Gregory Bosman & Stefan Gruner: Log File Analysis with Context-Free Grammars. Advances in Digital Forensics IX, Chapter 10, pp. 145-152, IFIP Advances in Information and Communication Technology 410, Springer-Verlag, 2013.