Semantic Interpretation of Structured Log Files
| dc.contributor.author | Nimbalkar, Piyush | |
| dc.contributor.author | Mulwad, Varish | |
| dc.contributor.author | Puranik, Nikhil | |
| dc.contributor.author | Joshi, Anupam | |
| dc.contributor.author | Finin, Tim | |
| dc.date.accessioned | 2018-10-30T16:52:29Z | |
| dc.date.available | 2018-10-30T16:52:29Z | |
| dc.date.issued | 2016-12-19 | |
| dc.description | 17th IEEE International Conference on Information Reuse and Integration | en_US |
| dc.description.abstract | Data from computer log files record traces of events involving user activity, applications, system software and network traffic. Logs are usually intended for diagnostic and debugging purposes, but their data can be extremely useful in system audits and forensic investigations. Logs created by intrusion detection systems, web servers, anti-virus and anti-malware systems, firewalls and network devices have information that can reconstruct the activities of malware or a malicious agent, help plan for remediation and prevent attacks by revealing probes or intrusions before damage has been done. While existing tools like Splunk can help analyze logs with known schemas, understanding log whose format is unfamiliar or associated with new device or custom application can be challenging. We describe a framework for analyzing logs and automatically generating a semantic description of their schema and content in RDF. The framework begins by normalizing the log into columns and rows using regular expression-based and dictionary-based classifiers. Leveraging our existing work on inferring the semantics of tables, we associate semantic types with columns and, when possible, map them to concepts in general knowledge-bases (e.g. DBpedia) and domain specific ones (e.g., Unified Cybersecurity Ontology). We link cell values to known type instances (e.g., an IP address) and suggest relationships between columns. Converting large and verbose log files into such semantic representations reveals their meaning and supports search, integration and reasoning over the data. | en_US |
| dc.description.sponsorship | Support for this work was provided by NSF grants 1250627, 1228198 and a gift from Microsoft. One of the authors also acknowledges support from the Oros Family Professorship endowment. | en_US |
| dc.description.uri | https://ieeexplore.ieee.org/document/7785790 | en_US |
| dc.format.extent | 7 pages | en_US |
| dc.genre | conference papers and proceedings pre-print | en_US |
| dc.identifier | doi:10.13016/M2DZ0355X | |
| dc.identifier.citation | Piyush Nimbalkar, Varish Mulwad, Nikhil Puranik, Anupam Joshi, and Tim Finin, Semantic Interpretation of Structured Log Files, 2016 IEEE 17th International Conference on Information Reuse and Integration (IRI) , 10.1109/IRI.2016.81 | en_US |
| dc.identifier.uri | 10.1109/IRI.2016.81 | |
| dc.identifier.uri | http://hdl.handle.net/11603/11791 | |
| dc.language.iso | en_US | en_US |
| dc.publisher | IEEE | en_US |
| dc.relation.isAvailableAt | The University of Maryland, Baltimore County (UMBC) | |
| dc.relation.ispartof | UMBC Computer Science and Electrical Engineering Department Collection | |
| dc.relation.ispartof | UMBC Faculty Collection | |
| dc.rights | This item is likely protected under Title 17 of the U.S. Copyright Law. Unless on a Creative Commons license, for uses protected by Copyright Law, contact the copyright holder or the author. | |
| dc.rights | © 2016 IEEE | |
| dc.subject | log files | en_US |
| dc.subject | Cybersecurity | en_US |
| dc.subject | linked data | en_US |
| dc.subject | firewalls | en_US |
| dc.subject | invasive software | en_US |
| dc.subject | pattern classification | en_US |
| dc.subject | semantic interpretation | en_US |
| dc.subject | UMBC Ebiquity Research Group | en_US |
| dc.subject | regular expression-based classifiers | en_US |
| dc.subject | network devices | en_US |
| dc.subject | anti-malware systems | en_US |
| dc.subject | Resource description framework | en_US |
| dc.subject | Ontologies | en_US |
| dc.title | Semantic Interpretation of Structured Log Files | en_US |
| dc.type | Text | en_US |