The Center for Education and Research in Information Assurance and Security (CERIAS)

The Center for Education and Research in
Information Assurance and Security (CERIAS)

Abe Singer - University of California at San Diego

Students: Fall 2024, unless noted otherwise, sessions will be virtual on Zoom.

Towards Mining Syslog Data

Nov 03, 2004

Download: Video Icon MP4 Video Size: 218.9MB  
Watch on Youtube Watch on YouTube

Abstract

Syslog is the primary source of information about intrusion-related activity on a Unix system. Searching for known messages and patterns in syslog data is easy to do, and many tools are available for doing so. However, information and patterns that are not already "known" -- those that have not been seen or derived already, may provide even more information about attacks and intrusions. Data mining techniques can help us discover and analyze that information, but, the general lack of structure in syslog data makes it impossible to apply these techniques directly to the data. To address the problem, we are researching methods of generating patterns from an archive of system logs which can uniquely identify syslog messages by the variant and invariant elements of the messages. Once syslog messages can be uniquely identified, data mining techniques for use in intrusion detection or forensic analysis will be far more useful.

About the Speaker

Abe Singer is a Computer Security Researcher with the Security Technologies Group at the San Diego Supercomputer Center. Involved with both operational security and research, his work involves growing SDSC logging infrastructure and analysis capabilities, participating in incident response and investigation, and working with the Teragrid Security Working Group. Mr. Singer\'s current research is in analysis of syslog data and data mining of logs for security. In addition to his work at SDSC, Mr. Singer is an occasional consultant and expert witness, and runs the San Diego Regional Information Watch (www.sdriw.org).


Ways to Watch

YouTube

Watch Now!

Over 500 videos of our weekly seminar and symposia keynotes are available on our YouTube Channel. Also check out Spaf's YouTube Channel. Subscribe today!