Abstract
Signature extraction is a key part of forensic log analysis. It involves recognizing patterns in log lines such that log lines that originated from the same line of code are grouped together. A log signature consists of immutable parts and mutable parts. The immutable parts define the signature, and the mutable parts are typically variable parameter values. In practice, the number of log lines and signatures can be quite large, and the task of detecting and aligning immutable parts of the logs to extract the signatures becomes a significant challenge. We propose a novel method based on a neural language model that outperforms the current state-of-the-art on signature extraction. We use an RNN auto-encoder to create an embedding of the log lines. Log lines embedded in such a way can be clustered to extract the signatures in an unsupervised manner.
Author supplied keywords
Cite
CITATION STYLE
Thaler, S., Menkovski, V., & Petkovic, M. (2017). Unsupervised Signature Extraction from Forensic Logs. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 10536 LNAI, pp. 305–316). Springer Verlag. https://doi.org/10.1007/978-3-319-71273-4_25
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
