Using data mining techniques for diagnostic of virtual systems under control of KVM

Abstract

Analysis of logs of remote network services is one of the most difficult and time consuming task-its amount and variety of types are still growing. With the increasing number of services increases the amount of logs generated by computer programs and their analysis becomes impossible for the common user. However, the same analysis is essential because it provides a large amount of information necessary for the maintenance of the system in good shape thus ensuring the safety of their users. All ways of relevant information filtering, which reduce the log for further analysis, require human expertise and too much work. Nowadays, researches take the advantage of data mining with techniques such as genetic and clustering algorithms, neural networks etc., to analyze system's security logs in order to detect intrusions or suspicious activity. Some of these techniques make it possible to achieve satisfactory results, yet requiring a very large number of attributes gathered by network traffic to detect useful information. To solve this problem we use and evaluate some data mining techniques (Decision Trees, Correspondence Analysis and Hierarchical Clustering) in a reduced number of attributes on some log data sets acquired from a real network, in order to classify traffic logs as normal or suspicious. The results obtained allow an independent interpretation and to determine which attributes were used to make a decision. This approach reduces the number of logs the administrator is forced to view, also contributes to improve efficiency and help identify new types and sources of attacks. © 2013 Springer Science+Business Media.