Smart Log Data Analytics (Record no. 174105)
[ view plain ]
000 -LEADER | |
---|---|
fixed length control field | 07898nam a22006135i 4500 |
001 - CONTROL NUMBER | |
control field | 978-3-030-74450-2 |
003 - CONTROL NUMBER IDENTIFIER | |
control field | DE-He213 |
005 - DATE AND TIME OF LATEST TRANSACTION | |
control field | 20240423125104.0 |
007 - PHYSICAL DESCRIPTION FIXED FIELD--GENERAL INFORMATION | |
fixed length control field | cr nn 008mamaa |
008 - FIXED-LENGTH DATA ELEMENTS--GENERAL INFORMATION | |
fixed length control field | 210828s2021 sz | s |||| 0|eng d |
020 ## - INTERNATIONAL STANDARD BOOK NUMBER | |
International Standard Book Number | 9783030744502 |
-- | 978-3-030-74450-2 |
024 7# - OTHER STANDARD IDENTIFIER | |
Standard number or code | 10.1007/978-3-030-74450-2 |
Source of number or code | doi |
050 #4 - LIBRARY OF CONGRESS CALL NUMBER | |
Classification number | QA76.9.A25 |
072 #7 - SUBJECT CATEGORY CODE | |
Subject category code | UR |
Source | bicssc |
072 #7 - SUBJECT CATEGORY CODE | |
Subject category code | UTN |
Source | bicssc |
072 #7 - SUBJECT CATEGORY CODE | |
Subject category code | COM053000 |
Source | bisacsh |
072 #7 - SUBJECT CATEGORY CODE | |
Subject category code | UR |
Source | thema |
072 #7 - SUBJECT CATEGORY CODE | |
Subject category code | UTN |
Source | thema |
082 04 - DEWEY DECIMAL CLASSIFICATION NUMBER | |
Classification number | 005.8 |
Edition number | 23 |
100 1# - MAIN ENTRY--PERSONAL NAME | |
Personal name | Skopik, Florian. |
Relator term | author. |
Relator code | aut |
-- | http://id.loc.gov/vocabulary/relators/aut |
245 10 - TITLE STATEMENT | |
Title | Smart Log Data Analytics |
Medium | [electronic resource] : |
Remainder of title | Techniques for Advanced Security Analysis / |
Statement of responsibility, etc | by Florian Skopik, Markus Wurzenberger, Max Landauer. |
250 ## - EDITION STATEMENT | |
Edition statement | 1st ed. 2021. |
264 #1 - | |
-- | Cham : |
-- | Springer International Publishing : |
-- | Imprint: Springer, |
-- | 2021. |
300 ## - PHYSICAL DESCRIPTION | |
Extent | XV, 208 p. 65 illus., 36 illus. in color. |
Other physical details | online resource. |
336 ## - | |
-- | text |
-- | txt |
-- | rdacontent |
337 ## - | |
-- | computer |
-- | c |
-- | rdamedia |
338 ## - | |
-- | online resource |
-- | cr |
-- | rdacarrier |
347 ## - | |
-- | text file |
-- | |
-- | rda |
505 0# - FORMATTED CONTENTS NOTE | |
Formatted contents note | I1 -- Introduction -- 1.1 State of the art in security monitoring and anomaly detection -- 1.2 Current trends -- 1.3. future challenges -- 1.4 Log data analysis: today and tomorrow -- 1.5 Smart log data analytics: Structure of the book -- 1.6 Try it out: Hands-on examples throughout the book -- 2 Survey on log clustering approaches -- 2.1 Introduction. 2.2 Survey background -- 2.1 The nature of log data. 2.2 Static clustering -- 2.3 Dynamic clustering -- 2.4 Applications in the security domain -- 2.3 Survey method -- 2.3.1 Set of criteria -- 2.3.2 Literature search -- 2.4 Survey results -- 2.4.1 Purpose and applicability (P) -- 2.4.2 Clustering techniques (C) -- 2.4.3 Anomaly detection (AD) -- 2.4.4 Evaluation (E). 2.4.5 Discussion -- 2.5 Conclusion -- 3 Incremental log data clustering for processing large amounts of data online -- 3.1 Introduction -- 3.2 Concept for incremental clustering -- 3.2.1 Incremental clustering -- 3.2.2 Description of model -- 3.2.3 String metrics -- 3.2.4 Description of model M1.‑‑ 3.2.5 Time series analysis -- 3.3 Outlook and further development -- 3.4 Try it out -- 3.4.1 Exim Mainlog -- 3.4.2 Messages log file -- 4 Generating character-based templates for log data -- 4.1 Introduction -- 4.2 Concept for generating character-based templates -- 4.3 Cluster template generator algorithms4.3.1 Initial matching -- 4.3.2 Merge algorithm.-4.3.3 Length algorithm -- 4.3.4 Equalmerge algorithm -- 4.3.5 Token_char algorithm -- 4.3.6 Comparison -- 4.4 Outlook and further development -- 4.5 Try it out -- 4.5.1 Exim Mainlog -- 5 Time series analysis for temporal anomaly detection5.1 Introduction -- 5.2 Concept for dynamic clustering and AD -- 5.3 Cluster evolution -- 5.3.1 Clustering model -- 5.3.2 Tracking -- 5.3.3 Transitions -- 5.3.4 Evolution metrics -- 5.4 Time series analysis -- 5.4.1 Model -- 5.4.2 Forecast -- 5.4.3 Correlation -- 5.4.4 Detection -- 5.5 Example -- 5.5.1 Long-term analysis of Suricata logs -- 5.5.2 Short-term analysis of Audit logs -- 6 AECID: A light-weight log analysis approach for online anomaly detection -- 6.1 Introduction -- 6.2 The AECID approach -- 6.2.1 AMiner -- 6.2. AECID central -- 6.2. Detecting anomalies -- 6.2. Rule generator -- 6.2. Correlation engine -- 6.2. Detectable anomalies -- 6. System deployment and operation -- 6. Application scenarios -- 6. Try it out -- 6.5.1 Configuration of the AMiner for AIT-LDSv1. - 6.5.2 Apache Access logs -- 6.5.3 Exim Mainlog file -- 6.5.4 Audit logs -- 7. A concept for a tree-based log parser generator -- 7.1 Introduction -- 7.2 Tree-based parser concept -- 7.3 AECID-PG: tree-based log parser generator -- 7.3.1 Challenges when generating tree-like parsers -- 7.3.2 AECID-PG concept -- 7.3.3 AECID-PG rules -- 7.3.4 Features -- 7.4 Outlook and further application -- 7.5 Try it out -- 7.5.1 Exim Mainlog -- 7.5.2 Audit logs -- 8 Variable type detector for statistical analysis of log tokens -- 8.1 Introduction.-.-8.2 Variable type detector concept -- 8.3 Variable type detector algorithm -- 8.3.1 Sanitize log data -- 8.3.2 Initialize types -- 8.3.3 Update types -- 8.3.4 Compute indicators -- 8.3.5 Select tokens -- 8.3.6 Compute indicator weights -- 8.3.7 Report anomalies -- 8.4 Try it out -- 8.4.1 Apache Access log -- 9. Final remarks. |
520 ## - SUMMARY, ETC. | |
Summary, etc | This book provides insights into smart ways of computer log data analysis, with the goal of spotting adversarial actions. It is organized into 3 major parts with a total of 8 chapters that include a detailed view on existing solutions, as well as novel machine learning techniques that go far beyond state of the art. The first part of this book motivates the entire topic and highlights major challenges, trends and design criteria for log data analysis approaches, and further surveys and compares the state of the art. The second part of this book introduces concepts that apply character-based, rather than token-based, approaches and thus work on a more fine-grained level. Furthermore, these solutions were designed for “online use”, not only forensic analysis, but also process new log lines as they arrive in an efficient single pass manner. An advanced method for time series analysis aims at detecting changes in the overall behavior profile of an observed system and spotting trends and periodicities through log analysis. The third part of this book introduces the design of the AMiner, which is an advanced open source component for log data anomaly mining. The AMiner comes with several detectors to spot new events, new parameters, new correlations, new values and unknown value combinations and can run as stand-alone solution or as sensor with connection to a SIEM solution. More advanced detectors help to determine the characteristics of variable parts of log lines, specifically the properties of numerical and categorical fields. Detailed examples throughout this book allow the reader to better understand and apply the introduced techniques with open source software. Step-by-step instructions help to get familiar with the concepts and to better comprehend their inner mechanisms. A log test data set is available as free download and enables the reader to get the system up and running in no time. This book is designed for researchers working in the field of cyber security, and specifically system monitoring, anomaly detection and intrusion detection. The content of this book will be particularly useful for advanced-level students studying computer science, computer technology, and information systems. Forward-thinking practitioners, who would benefit from becoming familiar with the advanced anomaly detection methods, will also be interested in this book. |
650 #0 - SUBJECT ADDED ENTRY--TOPICAL TERM | |
Topical term or geographic name as entry element | Data protection. |
650 #0 - SUBJECT ADDED ENTRY--TOPICAL TERM | |
Topical term or geographic name as entry element | Machine learning. |
650 #0 - SUBJECT ADDED ENTRY--TOPICAL TERM | |
Topical term or geographic name as entry element | Computer security. |
650 #0 - SUBJECT ADDED ENTRY--TOPICAL TERM | |
Topical term or geographic name as entry element | Data mining. |
650 #0 - SUBJECT ADDED ENTRY--TOPICAL TERM | |
Topical term or geographic name as entry element | Pattern recognition systems. |
650 14 - SUBJECT ADDED ENTRY--TOPICAL TERM | |
Topical term or geographic name as entry element | Data and Information Security. |
650 24 - SUBJECT ADDED ENTRY--TOPICAL TERM | |
Topical term or geographic name as entry element | Machine Learning. |
650 24 - SUBJECT ADDED ENTRY--TOPICAL TERM | |
Topical term or geographic name as entry element | Principles and Models of Security. |
650 24 - SUBJECT ADDED ENTRY--TOPICAL TERM | |
Topical term or geographic name as entry element | Data Mining and Knowledge Discovery. |
650 24 - SUBJECT ADDED ENTRY--TOPICAL TERM | |
Topical term or geographic name as entry element | Automated Pattern Recognition. |
700 1# - ADDED ENTRY--PERSONAL NAME | |
Personal name | Wurzenberger, Markus. |
Relator term | author. |
Relator code | aut |
-- | http://id.loc.gov/vocabulary/relators/aut |
700 1# - ADDED ENTRY--PERSONAL NAME | |
Personal name | Landauer, Max. |
Relator term | author. |
Relator code | aut |
-- | http://id.loc.gov/vocabulary/relators/aut |
710 2# - ADDED ENTRY--CORPORATE NAME | |
Corporate name or jurisdiction name as entry element | SpringerLink (Online service) |
773 0# - HOST ITEM ENTRY | |
Title | Springer Nature eBook |
776 08 - ADDITIONAL PHYSICAL FORM ENTRY | |
Display text | Printed edition: |
International Standard Book Number | 9783030744496 |
776 08 - ADDITIONAL PHYSICAL FORM ENTRY | |
Display text | Printed edition: |
International Standard Book Number | 9783030744519 |
776 08 - ADDITIONAL PHYSICAL FORM ENTRY | |
Display text | Printed edition: |
International Standard Book Number | 9783030744526 |
856 40 - ELECTRONIC LOCATION AND ACCESS | |
Uniform Resource Identifier | <a href="https://doi.org/10.1007/978-3-030-74450-2">https://doi.org/10.1007/978-3-030-74450-2</a> |
912 ## - | |
-- | ZDB-2-SCS |
912 ## - | |
-- | ZDB-2-SXCS |
942 ## - ADDED ENTRY ELEMENTS (KOHA) | |
Koha item type | eBooks-CSE-Springer |
No items available.