- Title
- Log analysis aided by latent semantic mapping
- Creator
- Buys, Stephanus
- ThesisAdvisor
- Irwin, Barry
- ThesisAdvisor
- Motara, Yusuf
- Subject
- Latent semantic indexing
- Subject
- Data mining
- Subject
- Computer networks -- Security measures
- Subject
- Computer hackers
- Subject
- Computer security
- Date
- 2013
- Date
- 2013-04-14
- Type
- Thesis
- Type
- Masters
- Type
- MSc
- Identifier
- vital:4575
- Identifier
- http://hdl.handle.net/10962/d1002963
- Identifier
- Latent semantic indexing
- Identifier
- Data mining
- Identifier
- Computer networks -- Security measures
- Identifier
- Computer hackers
- Identifier
- Computer security
- Description
- In an age of zero-day exploits and increased on-line attacks on computing infrastructure, operational security practitioners are becoming increasingly aware of the value of the information captured in log events. Analysis of these events is critical during incident response, forensic investigations related to network breaches, hacking attacks and data leaks. Such analysis has led to the discipline of Security Event Analysis, also known as Log Analysis. There are several challenges when dealing with events, foremost being the increased volumes at which events are often generated and stored. Furthermore, events are often captured as unstructured data, with very little consistency in the formats or contents of the events. In this environment, security analysts and implementers of Log Management (LM) or Security Information and Event Management (SIEM) systems face the daunting task of identifying, classifying and disambiguating massive volumes of events in order for security analysis and automation to proceed. Latent Semantic Mapping (LSM) is a proven paradigm shown to be an effective method of, among other things, enabling word clustering, document clustering, topic clustering and semantic inference. This research is an investigation into the practical application of LSM in the discipline of Security Event Analysis, showing the value of using LSM to assist practitioners in identifying types of events, classifying events as belonging to certain sources or technologies and disambiguating different events from each other. The culmination of this research presents adaptations to traditional natural language processing techniques that resulted in improved efficacy of LSM when dealing with Security Event Analysis. This research provides strong evidence supporting the wider adoption and use of LSM, as well as further investigation into Security Event Analysis assisted by LSM and other natural language or computer-learning processing techniques.
- Description
- LaTeX with hyperref package
- Description
- Adobe Acrobat 9.54 Paper Capture Plug-in
- Format
- 131 p., pdf
- Publisher
- Rhodes University, Faculty of Science, Computer Science
- Language
- English
- Rights
- Buys, Stephanus
- Hits: 3020
- Visitors: 3158
- Downloads: 202
Thumbnail | File | Description | Size | Format | |||
---|---|---|---|---|---|---|---|
View Details | SOURCEPDF | 1011 KB | Adobe Acrobat PDF | View Details |