Log File Analysis with Context-Free Grammars
- Cite this paper as:
- Bosman G., Gruner S. (2013) Log File Analysis with Context-Free Grammars. In: Peterson G., Shenoi S. (eds) Advances in Digital Forensics IX. DigitalForensics 2013. IFIP Advances in Information and Communication Technology, vol 410. Springer, Berlin, Heidelberg
Classical intrusion analysis of network log files uses statistical machine learning or regular expressions. Where statistically machine learning methods are not analytically exact, methods based on regular expressions do not reach up very far in Chomsky’s hierarchy of languages. This paper focuses on parsing traces of network traffic using context-free grammars. “Green grammars” are used to describe acceptable log files while “red grammars” are used to represent known intrusion patterns. This technique can complement or augment existing approaches by providing additional precision. Analytically, the technique is also more powerful than existing techniques that use regular expressions.
KeywordsIntrusion detection log file analysis context-free grammars
Unable to display preview. Download preview PDF.