Automatic Event Log Abstraction to Support Forensic Investigation


Abstract

Abstraction of event logs is the creation of a template that contains the most common words representing all members in a group of event log entries. Abstraction helps forensic investigators obtain an overall view of the main events in a log file. Existing log abstraction methods require user input parameters. This manual input is time consuming because the best parameters must be identified by hand, especially when a log file is large. We propose an automatic method to facilitate event log abstraction that avoids the need for the user to manually identify suitable parameters. We model event logs as a graph and propose a new graph clustering approach to group log entries. The abstraction is then extracted from each cluster. Experimental results show that the proposed method achieves superior performance compared to existing approaches, with an F-measure of 95.35%.

Citation (APA)

Studiawan, H., Sohel, F., & Payne, C. (2020). Automatic Event Log Abstraction to Support Forensic Investigation. In ACM International Conference Proceeding Series. Association for Computing Machinery. https://doi.org/10.1145/3373017.3373018
