Log File Analysis with Context-Free Grammars

  • Gregory Bosman
  • Stefan Gruner
Conference paper

DOI: 10.1007/978-3-642-41148-9_10

Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 410)
Cite this paper as:
Bosman G., Gruner S. (2013) Log File Analysis with Context-Free Grammars. In: Peterson G., Shenoi S. (eds) Advances in Digital Forensics IX. DigitalForensics 2013. IFIP Advances in Information and Communication Technology, vol 410. Springer, Berlin, Heidelberg

Abstract

Classical intrusion analysis of network log files uses statistical machine learning or regular expressions. Whereas statistical machine learning methods are not analytically exact, methods based on regular expressions do not reach very far up Chomsky’s hierarchy of languages. This paper focuses on parsing traces of network traffic using context-free grammars: “green grammars” describe acceptable log files, while “red grammars” represent known intrusion patterns. The technique can complement or augment existing approaches by providing additional precision, and analytically it is more powerful than existing techniques based on regular expressions.
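The green/red split described in the abstract, as an added illustration that is not the paper's own code or grammars: a small recursive-descent checker over already-tokenised log events, with a constructed "green" grammar in which sessions may nest (so CONNECT and DISCONNECT must balance, which no regular expression can enforce) and a constructed "red" grammar for a repeated-failure-then-success login pattern. The event vocabulary and sample traces are assumptions made for the example.

```python
# Added, constructed example (not the paper's code): a recursive-descent checker for one
# "green" grammar (acceptable traces) and one "red" grammar (a known intrusion pattern).
class Parser:
    def __init__(self, toks): self.toks, self.i = toks, 0
    def peek(self): return self.toks[self.i] if self.i < len(self.toks) else None
    def eat(self, t):
        if self.peek() != t: raise SyntaxError(f"expected {t}, got {self.peek()}")
        self.i += 1

def derives(rule, toks, whole=True):
    # Does toks (or, if whole is False, some prefix of it) derive from rule?
    p = Parser(toks)
    try:
        rule(p)
        return p.peek() is None or not whole
    except SyntaxError:
        return False

# Green grammar. Sessions may nest (a tunnelled session inside another), so CONNECT and
# DISCONNECT must balance: a property no regular expression can enforce.
#   Trace   -> Session*
#   Session -> CONNECT Body DISCONNECT
#   Body    -> (Session | AUTH_OK | AUTH_FAIL | CMD)*
def green_session(p):
    p.eat("CONNECT")
    while p.peek() in ("CONNECT", "AUTH_OK", "AUTH_FAIL", "CMD"):
        green_session(p) if p.peek() == "CONNECT" else p.eat(p.peek())
    p.eat("DISCONNECT")

def green_trace(p):
    while p.peek() is not None:
        green_session(p)

def matches_green(toks):
    return derives(green_trace, toks)

# Red grammar (known intrusion pattern):  Red -> CONNECT AUTH_FAIL AUTH_FAIL+ AUTH_OK
def red_pattern(p):
    p.eat("CONNECT")
    fails = 0
    while p.peek() == "AUTH_FAIL":
        p.eat("AUTH_FAIL"); fails += 1
    if fails < 2: raise SyntaxError("fewer than two failures")
    p.eat("AUTH_OK")

def matches_red(toks):
    # A red grammar need not cover the whole trace: any suffix that starts a Red derivation is a hit.
    return any(derives(red_pattern, toks[s:], whole=False) for s in range(len(toks)))

NORMAL = ["CONNECT", "AUTH_OK", "CMD", "CONNECT", "CMD", "DISCONNECT", "DISCONNECT"]  # constructed
BRUTE = ["CONNECT", "AUTH_FAIL", "AUTH_FAIL", "AUTH_FAIL", "AUTH_OK", "DISCONNECT"]   # constructed
```

Note that BRUTE is structurally well-formed (green accepts it) yet still contains the red pattern; the two grammars answer different questions.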

Keywords

Intrusion detection; log file analysis; context-free grammars

Copyright information

© IFIP International Federation for Information Processing 2013

Authors and Affiliations

  • Gregory Bosman (1)
  • Stefan Gruner (1)
  1. Department of Computer Science, University of Pretoria, Pretoria, South Africa