System log clustering approaches for cyber security applications: A survey. Issue 92 (May 2020)
- Record Type:
- Journal Article
- Title:
- System log clustering approaches for cyber security applications: A survey. Issue 92 (May 2020)
- Main Title:
- System log clustering approaches for cyber security applications: A survey
- Authors:
- Landauer, Max
Skopik, Florian
Wurzenberger, Markus
Rauber, Andreas
- Abstract:
- Log files give insight into the state of a computer system and enable the detection of anomalous events relevant to cyber security. However, automatically analyzing log data is difficult since it contains massive amounts of unstructured and diverse messages collected from heterogeneous sources. Therefore, several approaches that condense or summarize log data by means of clustering techniques have been proposed. Picking the right approach for a particular application domain is, however, non-trivial, since algorithms are designed towards specific objectives and requirements. This paper therefore surveys existing approaches. It thereby groups approaches by their clustering techniques, reviews their applicability and limitations, discusses trends and identifies gaps. The survey reveals that approaches usually pursue one or more of four major objectives: overview and filtering, parsing and signature extraction, static outlier detection, and sequences and dynamic anomaly detection. Finally, this paper also outlines a concept and tool that support the selection of appropriate approaches based on user-defined requirements.
- Is Part Of:
- Computers & security. Issue 92(2020)
- Journal:
- Computers & security
- Issue:
- Issue 92(2020)
- Issue Display:
- Volume 92, Issue 92 (2020)
- Year:
- 2020
- Volume:
- 92
- Issue:
- 92
- Issue Sort Value:
- 2020-0092-0092-0000
- Page Start:
- Page End:
- Publication Date:
- 2020-05
- Subjects:
- Log clustering -- Cyber security -- Log mining -- Signature extraction -- Anomaly detection
Computer security -- Periodicals
Electronic data processing departments -- Security measures -- Periodicals
005.805
- Journal URLs:
- http://www.sciencedirect.com/science/journal/01674048
http://www.elsevier.com/journals
- DOI:
- 10.1016/j.cose.2020.101739
- Languages:
- English
- ISSNs:
- 0167-4048
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 3394.781000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 13519.xml