Linked e-resources
Details
Table of Contents
I1
Introduction
1.1 State of the art in security monitoring and anomaly detection
1.2 Current trends
1.3. future challenges
1.4 Log data analysis: today and tomorrow
1.5 Smart log data analytics: Structure of the book
1.6 Try it out: Hands-on examples throughout the book
2 Survey on log clustering approaches
2.1 Introduction. 2.2 Survey background
2.1 The nature of log data. 2.2 Static clustering
2.3 Dynamic clustering
2.4 Applications in the security domain
2.3 Survey method
2.3.1 Set of criteria
2.3.2 Literature search
2.4 Survey results
2.4.1 Purpose and applicability (P)
2.4.2 Clustering techniques (C)
2.4.3 Anomaly detection (AD)
2.4.4 Evaluation (E). 2.4.5 Discussion
2.5 Conclusion
3 Incremental log data clustering for processing large amounts of data online
3.1 Introduction
3.2 Concept for incremental clustering
3.2.1 Incremental clustering
3.2.2 Description of model
3.2.3 String metrics
3.2.4 Description of model M1. 3.2.5 Time series analysis
3.3 Outlook and further development
3.4 Try it out
3.4.1 Exim Mainlog
3.4.2 Messages log file
4 Generating character-based templates for log data
4.1 Introduction
4.2 Concept for generating character-based templates
4.3 Cluster template generator algorithms4.3.1 Initial matching
4.3.2 Merge algorithm.-4.3.3 Length algorithm
4.3.4 Equalmerge algorithm
4.3.5 Token_char algorithm
4.3.6 Comparison
4.4 Outlook and further development
4.5 Try it out
4.5.1 Exim Mainlog
5 Time series analysis for temporal anomaly detection5.1 Introduction
5.2 Concept for dynamic clustering and AD
5.3 Cluster evolution
5.3.1 Clustering model
5.3.2 Tracking
5.3.3 Transitions
5.3.4 Evolution metrics
5.4 Time series analysis
5.4.1 Model
5.4.2 Forecast
5.4.3 Correlation
5.4.4 Detection
5.5 Example
5.5.1 Long-term analysis of Suricata logs
5.5.2 Short-term analysis of Audit logs
6 AECID: A light-weight log analysis approach for online anomaly detection
6.1 Introduction
6.2 The AECID approach
6.2.1 AMiner
6.2. AECID central
6.2. Detecting anomalies
6.2. Rule generator
6.2. Correlation engine
6.2. Detectable anomalies
6. System deployment and operation
6. Application scenarios
6. Try it out
6.5.1 Configuration of the AMiner for AIT-LDSv1.
6.5.2 Apache Access logs
6.5.3 Exim Mainlog file
6.5.4 Audit logs
7. A concept for a tree-based log parser generator
7.1 Introduction
7.2 Tree-based parser concept
7.3 AECID-PG: tree-based log parser generator
7.3.1 Challenges when generating tree-like parsers
7.3.2 AECID-PG concept
7.3.3 AECID-PG rules
7.3.4 Features
7.4 Outlook and further application
7.5 Try it out
7.5.1 Exim Mainlog
7.5.2 Audit logs
8 Variable type detector for statistical analysis of log tokens
8.1 Introduction.-.-8.2 Variable type detector concept
8.3 Variable type detector algorithm
8.3.1 Sanitize log data
8.3.2 Initialize types
8.3.3 Update types
8.3.4 Compute indicators
8.3.5 Select tokens
8.3.6 Compute indicator weights
8.3.7 Report anomalies
8.4 Try it out
8.4.1 Apache Access log
9. Final remarks.
Introduction
1.1 State of the art in security monitoring and anomaly detection
1.2 Current trends
1.3. future challenges
1.4 Log data analysis: today and tomorrow
1.5 Smart log data analytics: Structure of the book
1.6 Try it out: Hands-on examples throughout the book
2 Survey on log clustering approaches
2.1 Introduction. 2.2 Survey background
2.1 The nature of log data. 2.2 Static clustering
2.3 Dynamic clustering
2.4 Applications in the security domain
2.3 Survey method
2.3.1 Set of criteria
2.3.2 Literature search
2.4 Survey results
2.4.1 Purpose and applicability (P)
2.4.2 Clustering techniques (C)
2.4.3 Anomaly detection (AD)
2.4.4 Evaluation (E). 2.4.5 Discussion
2.5 Conclusion
3 Incremental log data clustering for processing large amounts of data online
3.1 Introduction
3.2 Concept for incremental clustering
3.2.1 Incremental clustering
3.2.2 Description of model
3.2.3 String metrics
3.2.4 Description of model M1. 3.2.5 Time series analysis
3.3 Outlook and further development
3.4 Try it out
3.4.1 Exim Mainlog
3.4.2 Messages log file
4 Generating character-based templates for log data
4.1 Introduction
4.2 Concept for generating character-based templates
4.3 Cluster template generator algorithms4.3.1 Initial matching
4.3.2 Merge algorithm.-4.3.3 Length algorithm
4.3.4 Equalmerge algorithm
4.3.5 Token_char algorithm
4.3.6 Comparison
4.4 Outlook and further development
4.5 Try it out
4.5.1 Exim Mainlog
5 Time series analysis for temporal anomaly detection5.1 Introduction
5.2 Concept for dynamic clustering and AD
5.3 Cluster evolution
5.3.1 Clustering model
5.3.2 Tracking
5.3.3 Transitions
5.3.4 Evolution metrics
5.4 Time series analysis
5.4.1 Model
5.4.2 Forecast
5.4.3 Correlation
5.4.4 Detection
5.5 Example
5.5.1 Long-term analysis of Suricata logs
5.5.2 Short-term analysis of Audit logs
6 AECID: A light-weight log analysis approach for online anomaly detection
6.1 Introduction
6.2 The AECID approach
6.2.1 AMiner
6.2. AECID central
6.2. Detecting anomalies
6.2. Rule generator
6.2. Correlation engine
6.2. Detectable anomalies
6. System deployment and operation
6. Application scenarios
6. Try it out
6.5.1 Configuration of the AMiner for AIT-LDSv1.
6.5.2 Apache Access logs
6.5.3 Exim Mainlog file
6.5.4 Audit logs
7. A concept for a tree-based log parser generator
7.1 Introduction
7.2 Tree-based parser concept
7.3 AECID-PG: tree-based log parser generator
7.3.1 Challenges when generating tree-like parsers
7.3.2 AECID-PG concept
7.3.3 AECID-PG rules
7.3.4 Features
7.4 Outlook and further application
7.5 Try it out
7.5.1 Exim Mainlog
7.5.2 Audit logs
8 Variable type detector for statistical analysis of log tokens
8.1 Introduction.-.-8.2 Variable type detector concept
8.3 Variable type detector algorithm
8.3.1 Sanitize log data
8.3.2 Initialize types
8.3.3 Update types
8.3.4 Compute indicators
8.3.5 Select tokens
8.3.6 Compute indicator weights
8.3.7 Report anomalies
8.4 Try it out
8.4.1 Apache Access log
9. Final remarks.